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Preface 



This volume contains the papers presented at the “First International Sympo- 
sium on Foundations of Information and Knowledge Systems” (FoIKS 2000), 
which was held in Burg, Germany from February 14th to 17th, 2000. 

FoIKS is intended to be a biannual event focussing on theoretical foundations 
of information and knowledge systems. It aims to take up the old tradition of the 
conference series “Mathematical Fundamentals of Database Systems” (MFDBS) 
which encouraged East- West collaboration in the field of database theory. For- 
mer MFDBS conferences were held in Dresden in 1987 (Springer LNCS 305, 
edited by Joachim Biskup, Janos Demetrovics, Jan Paredaens, and Bernhard 
Thalheim), in Visegrad in 1989 (Springer LNCS 364, edited by Janos Demetro- 
vics and Bernhard Thalheim), and in Rostock in 1991 (Springer LNCS 495, 
edited by Bernhard Thalheim, Janos Demetrovics, and Hans-Detlef Gerhard). 

Another goal of the MFDBS conference series has always been to attract 
researchers working in mathematical fields such as discrete mathematics, com- 
binatorics, logics, and finite model theory who are interested in applying their 
theories to research on database and knowledge base theory. To that end, FoIKS 
takes up the tradition of providing a forum for mathematical foundations in a 
specific branch of computer science. A first attempt to reestablish the MFDBS 
tradition was made in 1995 with a follow-up workshop “Semantics in Databas- 
es” to ICDT (Springer LNCS 1358, edited by Bernhard Thalheim and Leonid 
Libkin) . 

In addition, the FoIKS symposium is intended to be a forum for intensive 
discussions. For this reason, the time slot of long and short contributions is 60 
and 30 minutes, respectively, followed by 30 and 15 minutes for discussions, re- 
spectively. Furthermore, participants are asked in advance to prepare to act as 
correspondents to a contribution of another author. There are also special ses- 
sions for the presentation and discussion of open research problems. 

The FoIKS 2000 call for papers solicited contributions dealing with any foun- 
dational aspect of information and knowledge systems, e.g. 



logical foundations and semantics of datamodels, 
dependency theory, 
integrity and security, 
temporal aspects, 

foundations of information systems design including Web-based informa- 
tion services, 

query languages and optimization, 




VI 



Preface 



database dynamics, 
intelligent agents, 
non-monotonic reasoning, 
application of non-classical logics, 
finite model theory, 

deduction, abduction, and induction in data and knowledge bases. 



The programme committee received 45 submissions by authors from 22 dif- 
ferent countries. Each paper was carefully reviewed by at least three experienced 
referees. Fourteen papers were chosen for long presentations, four papers for short 
presentations. This volume contains polished versions of these papers modified 
according to comments made in the reviews. A few papers will be selected for 
further extension and publishing in a special issue of the journal “Annals of 
Mathematics and Artificial Intelligence” . 

We would like to thank all authors who submitted papers and all workshop 
participants for the fruitful discussions. We are grateful to the members of the 
programme committee and the external referees for their timely expertise in 
carefully reviewing the papers, and we would like to express our thanks to our 
hosts for the enjoyable week in the pleasant surroundings of the Spreewald. 



February 2000 



Klaus-Dieter Schewe 
Bernhard Thalheim 
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Low Discrepancy Allocation 
of Two-Dimensional Data* 



Richard Anstee^, Janos Demetrovics^, Gyula O.H. Katona^, Attila Sali^ ** 

^ Mathematics Department, University of British Columbia 
Vancouver, Canada V6T 1Y4 
^ Computer and Automatization Institute of HAS 
Budapest, Lagymanyosi u. 11 H-1111 Hungary 
® Alfred Renyi Institute of Mathematics, Hungarian Academy of Sciences 
Budapest RO.B. 127 H-1364 HUNGARY 



Abstract. Fast browsing and retrieval of geographically referenced in- 
formation requires the allocation of data on different storage devices for 
concurrent retrieval. By dividing the two-dimensional space into tiles, a 
system can allow users to specify regions of interest using a query rectan- 
gle and then retrieving information related to tiles covered by the query. 
Suppose that there are m I/O devices. A tile is labeled by i if the data 
corresponding to this area is stored in the ith I/O device. A labeling is 
efficient if the difference of the numbers of occurrences of distinct labels 
in any given rectangle is small. Except for some simple cases this dis- 
crepancy exceeds 1. In the present paper constructions are given to make 
this discrepancy small relative to m. The constructions use latin squares 
and a lower bound is given, which shows that the constructions are best 
possible under certain conditions. 



1 Introduction 

Todays information systems often use the two dimensional screen as a tool for 
retrieval of detailed data that is associated with a specific part of the screen. A 
standard example is a geographic database, where first a low resolution map is 
displayed on the screen and then the user specifies a part of the map that is to be 
displayed in higher resolution. Another application is when pictures of famous 
historical monuments or sightseeing spots of an area are to be displayed. Efficient 
support of such queries is quite important for image databases in particular, and 
for browsing geographically referenced information in general. In the Alexandria 
Digital Library project [7] a large satellite image is divided into tiles and each 
tile is decomposed using wavelet decomposition [8]. A wavelet decomposition of 

* The work of the second and third authors was partially supported by the Hungarian 
National Foundation for Scientific Research grant number T016389, and European 
Communities (Cooperation in Science and Technology with Central and Eastern 
European Countries) contract number CIPACT930113 
** This research was done while the third author visited The University of British 
Columbia on a grant of the hrst author. 



K.-D. Schewe, B. Thalheim (Eds.): FoIKS 2000, LNCS 1762, pp. 1-12, 2000. 
(c) Springer- Verlag Berlin Heidelberg 2000 
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an image results in a lower resolution image of the original one together with 
higher order coefficients that can be used to retrieve higher resolution versions of 
the same image. Similar approaches are common to other systems for browsing 
large image databases [4,5]. A user would usually browse the lower resolution 
images fast and then specify areas to be displayed in higher resolution. This 
requires the retrieval of the higher resolution components for the various tiles 
that overlap with the specific region. For a more detailed review of the current 
state of art the reader is referred to [1]. 

In the present paper the model introduced in [1] is analised further. It is 
assumed that data is associated with the tiles of a two-dimensional grid. The data 
corresponding to individual tiles is usually large, so it is preferable to store them 
on parallel I/O devices in such a way, that for a given query, retrieval from these 
parallel devices can occur concurrently. The ideal situation, when information 
related to each individual tile could be stored on a distinct I/O device and 
hence data for any query could be retreived concurrently is not realizable in 
general, because the number of tiles is usually much larger than the number of 
I/O devices available. Thus, the only hope is to ’’spread out” data as evenly as 
possible. In the following, a measure of optimality of data allocation is defined as 
smallest possible discrepancy in the number of access requests for different I/O 
devices for any rectangular set of tiles. Upper bounds for this discrepancy are 
derived that give simple, but efficient allocation methods. These upper bounds 
are shown to be best assymptotycally for certain types of data allocation. This 
could be viewed as a generalization of strict optimality of [1]. 

2 The General Model 

Let TZ be an ni x ri 2 array, whose elements (i,j) where 0 < z < ni — 1 and 0 < 
j < ri 2 — 1 are called tiles. Each tile is supposed to contain detailed information 
on the area it covers. For example, if the array is a low resolution image of a 
geographic region, the higher resolution wavelet coefficients may be associated 
with the individual tiles. Given two tiles (zi,ji) and (z 2 ,j 2 ), where i\ < Z 2 and 
ji ^ J 2 ) two dimensional query is defined by 

'7^[(h,Ji), (* 2 ,j 2 )j = {(z, j):zi < z < Z 2 and ji <j< j 2 }- 

This represents a rectangle, whose opposite corners are (zi,/i) and (z 2 ,j 2 ) and 
area is (z 2 — zi -I- 1) (j 2 — Ji + 1), the number of tiles contained in the rectangle. To 
each tile (z, j) in TZ is assigned a number f{i,j) from the set {1,2,..., m}. The 
number /(z, j) refers to one of m available I/O devices on which the information 
related to the given tile is stored. / is called an m- assignment for TZ. The degree 
of fc (1 < fc < m) with respect to rectangle 7^[(zi, ji), (z 2 ,j 2 )] is 

= \{{i,j) G '7^[(h,ji),(*2,j2)j: /(*,/) = k}\, 

that is the number of ocurrences of k as assignments to tiles in the rectangle. 
An m-assignment is called d-discrepancy assignment iff for any given rectangle 
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= max (^) - min (^) < d 

k k 

holds. <5(zi, ji, Z 2 , J 2 ) is called the discrepancy of the rectangle (z 2 ,j 2 )]- 

Clearly, d-discrepancy m-assignments with small d are sought for efficient re- 
trieval of data using as many I/O devices concurrently, as possible. The opti- 
mality d(m) of m is the minimum d, such that a d-discrepancy m-assignment 
exists for arbitrary ni and rz 2 . 1-discrepancy m-assignments were called strictly 
optimal in [1] and the following theorem was proved. 

Theorem 2.1 (Abdel-Ghaffar,El Abbadi’97). A 1-discrepancy m-assign- 
ment exists for an n\ x array TZ iff one of the following eonditions holds: 

— minjni, 712 } < 2, 

-mG {1,2, 3,5}, 

— m > rii ri 2 — 2, 

— m = rii rz 2 — 4 and minjni, 77 - 2 } = 3, 

— m = 8 and n\ = U 2 = 4. 

Corollary 2 . 1 . d{m) > 2 if m ^ (1,2, 3, 5}. 

Theorem 2.1 shows that strict optimality can be achieved only in very restricted 
cases, hence it is natural to ask, how good an assignment can be in general, i.e., 
good upper bounds for d(m) are of interest. In the rest of the paper d-discrepancy 
assignments are given, where d is of order of magnitude logm It is shown to be 
best possible apart from a multiplicative constant, if the assignment is of latin 
square type. 

Because d(m) is defined as the lowest discrepancy that can be achieved for 
arbitrary ni and ri 2 , we will consider m assignments for an 00 x 00 array, like 
an infinite checkerboard covering the plane. In other words, an m-assignment is 
a map f-.TZv.TZ, — > {1,2,..., m|. 

The proof of Theorem 2.1 and most of the previous results use modular 
assignments, i.e. maps of type f{i,j) = ai -\- (3 j mod m. Our methods are 
different: good assignments are constructed for pm provided good ones exist for 
some m via blow up technique. This results in d{m) = O(logm) for m = p*. 
Then using special transversals in latin squares the construction is extended for 
all values of m. 

3 The Blow Up 

The following construction is crucial in the proofs. Let M be an m-assignment, 
i.e., an 00 X 00 array, whose rows and columns are indexed by Furthermore, 
let A(p) be an 00 X p array, whose rows are indexed by Z and each row is a per- 
mutation of {1, 2, . . . ,p|. The blow up A{pM) of M by A{p) is defined as follows. 
In each column of M the i entries are replaced by z x rows of A(p), i.e., each 1x1 
entry z becomes a 1 x p block, a permutation of {(z, 1), (z, 2), . . . , (z,p)|. Each z 
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entry of the given column is mapped this way to a row of A(p), different entries 
to different rows, and consecutive entries to consecutive rows. For example, if 



1 2 3 4 5 6...P 
4 5 6 ... p 1 2 3 



then the substitution of the 1x1 blocks of t-entries are as follows (* denotes 
entries different from i) 



* 



i ^ {i, 1) (z,2) . . 
* 


, . (i,p) 


i ^ (z,4) (i,5) .. 


..(03) 



* 



This substitution is performed for each different entries t (1 < t < m), indepen- 
dently of each other, thus replacing each column of M with p columns, whose 
entries are from {1,2,..., m} x {1, 2, . . .p}. 

Let us recall that the discrepancy of the (possibly infinite) array M, 6{M) is 
defined as the supremum of S{M') for finite subrectangles M' of M . 

Theorem 3.1. Let M be an oo x oo m-assignment array of discrepancy 5{M). 
Suppose that A{p) is a oo x p array whose rows are permutations of {1, 2, . . . ,p} 
of discrepancy 6 {A{p)). Then 

6{A{pM)) < S{M) + 6 S{A{p)). 

Proof (of Theorem 3.1). Consider a rectangle R in A{pM). It can be decomposed 
into three parts A, B and C, where B consists of complete blown up columns, A 
is the ’’left chunk”, and C is the ’’right chunk”, i.e, they consist of only a part 
of a blow up of one column, respectively, see Figure 1. Let A', B' and C denote 
corresponding entries of M. Notice, that A! and C are single columns. Let 
denote the number of a-entries in the block X of an array. Then the following 
are immediate facts. 

(i) l#A'* - 

(ii) \#A'i + #B'i - #A'j - #B'j( \#B'i + #C'i ~ #B>j ~ #C'j\ < 5{M) 

(iii) \ffA'i + + #C'i ~ #A'j ~ #B'j ~ ffc'j\ < S{M) 

(iv) ffs'i = ffB{i, fc) for /c = 1, 2, . . . ,p 

(v) \#ABc{fk) - #ABcUJ)\ < l#ABc(bfc) ~ #ABc(bOI + l#ABc(bO “ 

#ABc{j, 01 
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Now 

(vi) |#ABc(L - #ABc{hl)\ < |#T(*,fc) - #a(*,0I + I#b(*,A:) - #b(lOI + 

\#c{i, k) - #c{i, l)\ < S{A{p)) -h 0 -h S{A{p)) 

by definition of (5(A(p)) and by (iv) . Also, |#^sc'(b 0 -#abc(j, 01 < l#Ac(bO- 
#Ac{j, 01 + l#B'f — #B'j| by (iv). Assume A has a columns (0 < a < p) and C 
has c columns (0 < c < p). Then 

- #A'i - <5(A(p)) < #a(0 0 < - #A'i - 5{A{p)) 

P P 

is obtained using the fact that the expected number of {i,l)’s in A is ^ x 
size of the array = , Thus, 

- i#A'i - #A'j) + - (#cd - #C'j) - 4<5(A(p)) < 

p p 

< #Ac{i, 0 - #Ac{j, 0 < 

< - (#A't - #A'j)+ - (#C'i - #C'j) + 4<5(A(p)) 

p p 

Again, using (iv) the following is obtained. 

(vii) ^ (#A't - #A'j) + ^ (#C'i - #C'j) + (#B't - #B'j) - 4(5(A(p)) 

< #ABc(0 0 - #ABc(j, 0- 

If #A'i - #A'j > 0 and #cd - #C'J > 0 then from (vii) (#s/i - #b'J) - 
4i5(A(p)) < ^abc(00 ~ #abc(Jj 0 follows, which in turn, using (i) implies 
that 

-S{M) - 4i5(A(p)) < - #ABc{j,l)- 
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For < 0 and < 0 we get ^ {#A'i ~ #A'j) 

and #cd - ^C'j < I i#C'i ~ #C’j) so inequality (vi) becomes ~ 

#A'B'C'j - 4i5(A(p)) < ^ABc{i,l) - ^ABc(jJ), which again results in 

-S{M) - 4 S{A{p)) < :^ABc{i, 1) - #ABc{j, 0 

using (i). By similar arguments for the remaining two cases using A'B' or B'C , 
respectively, 

(viii) -6{M) - 4 5{A{p)) < #ABc{h 1 ) - #ABc{j, 1 ) < S{M) + 4 S{A{p)) 
is obtained. Combining (v), (vi), and (viii) we deduce 

|#ABc(b k) - #ABc{j, 01 < <5(M) + 6(5(A(p)) 

which proves the result. □ 



Corollary 3.1. If the prime factorization of m is m = pf^ p^ . . .p’jf then 

k 

d{m) < y^6e^ d{A{pi)). 

In particular, for m = 2^ d{m) = O(logm). 

Theorem 3.1 suggests finding A(p) arrays for all prime p of low discrepancy. 
Clearly, for small p one can do that. For arbitrary p the modular assignment 
f{i,j) = si + j mod p where s = \_,Jp\ gives S{A{p)) = 0{y/p) (To be strict, we 
should replace symbol 0 with p in this case) . We only sketch the simple proof of 
this observation, because in the next section a better upper bound is proved by 
a different method. 

Let A(p) given by the above /. Because s and p are relative primes, each 
consecutive p entries in a column are permutations of {0, 1, . . . ,p — 1}. Thus, 
calculating the discrepancy it is enough to consider only rectangles with at most 
p rows. A{p) is tiled with ”L” shaped tiles (see Figure 2) 

TT) p — 1 

— ss^ — s+ls^ — s + 2 ... — 1 

s s + 1 s + 2...2s — 1 

0 1 2 ... s- 1 



Each such tile contains every different entry exactly once. A rectangle of at most 
p rows cuts O(y^) such tiles, each cut tile adds at most one to the discrepancy 
of the rectangle. 

This construction and Corollary 3.1 gives d(m) = for all m. 
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4 Latin Square Type Assignments 

In the previous section a construction was given that allows ’’multiplication”, i.e. 
if good assignments for m and p are given, then a good one can be generated for 
p m. In this section we show how to ” add” . To this end, we consider assignments 
of latin square type. Let us recall that a latin square is an m x m array consisting 
of m different symbols, such that each symbol occurs in each row and column 
exactly once. An m-assignment is called latin square type, if 

+ = f{i,j + m) (*) 

and the array M = forms a latin square. In this case M is 

j = l,2,... ,m 

called the generator of the assignment. The discrepancy of such an assignment, 
denoted by S{M), is clearly attained by a rectangle whose number of rows and 
columns, respectively, is not larger than m. 

A transversal of an m x m latin square M = is a set of 

_7 = 1 ,2 , . . . , m 

pairwise distinct entries {/(ti, Ji), /(*2, J2), ■ • ■ , /(*m, Jm)} such that in each row 
and column there is exactly one of them. In other words, {A, Z2, . . . , im} and 
{jij J2, ■ ■ ■ ,jm} are both permutations of { 1 , 2 ,..., m}. 

The discrepancy of an entry in a rectangle TZ of an m-assignment is the 
maximum deviation of the number of occurrences of that entry in any sub- 
rectangle of TZ from the expected value, that is from d-tL of the area of the 
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subrectangle. That is, the discrepancy of entry k in subrectangle 'R\{a, b), (c, d)] 
is I ^(c — a) (c? — 6) — da,b,c,d{k)\. Clearly, an m-assignment is of low discrepan- 
cy iff each entry is of low discrepancy in every rectangle. The discrepancy of a 
transversal in a latin square defined similarly, namely the maximum deviation 
of the number of entries (positions) of the transversal in a subregtangle of the 
latin square from the ^th of the area of the subrectangle. This is extended for 
the m-assignment generated by the latin square by extending the transversal via 
(*). The next definition allows formulating a strong enough induction hypotheses 
that can be carried over. 

Definition 4.1. Number m is said to have property O if there exists a m x m 
latin square M that generates an c logm discrepancy m-assignment, such that M 
has a transversal of discrepancy ci logm, where c and c\ are absolute constants. 



Theorem 4.1. If m has property O, then so do 3m, 3m -I- 1, 3m -I- 2, as well. 

Proof (of Theorem 4-1 )■ The idea of the proof is as follows. Let M be the m x m 
latin square showing that m has property O. First, M is blown up to a 3m x 3m 
latin square B by Theorem 3.1. Then using a transversal of M, three new ones 
of B are constructed. B is extended to a (3m -I- 1) x (3m -I- 1) latin square C 
by putting symbol 3m -I- 1 to the positions of one of the transversals and to 
entry (3m -I- 1, 3m -I- 1), while the original entries of the transversal are placed 
in column and row 3m -I- 1, respectively. Using that C has two transversals left, 
one can extend it with one more column and row, and preserve one transversal 
to carry over the induction. 

Let ^(3) be the oo x 3 matrix generated by the latin square 



L = 



1 2 3 

3 1 2 

2 3 1 



Then i5(A(3M)) < i5(M)-|-6, by Theorem 3.1. Also, it is generated by the 3mx3m 
latin square 



B = 



[12 3] X M 
[3 1 2] X M 
[2 3 1] X M 



L has three transversals: 



o 


A 


□ 


A 


□ 


o 


□ 


o 


A 



the circle, the triangle and the square transversals. The product of any of these 
and a transversal of M yields a transversal for B that are also called circle, 
triangle and square transversals, respectively. 

In order to prove the statement for 3m we need to show that any of these 
product transversals has low discrepancy. Consider a subrectangle R of the 3m- 
assignment generated by B. We may assume without loss of generality, that R 
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has at most 3m columns. R can be decomposed in the same way as in the proof 
of Theorem 3.1 into 3 parts: R = SUTUV, where T consists of the fully blown 
up parts, while S and V consist of 1 or 2 extra columns on the left-hand side and 
right-hand side, respectively. Because T is a fully blown up part, the product 
transversal has the same number of entries in T, as the transversal of M has in 
the subrectangle, which is blown up to T. That is, the density of the product 
transversal in T is just l/3rd of that of the original, which is needed exactly. 
The parts S and V add at most 4 to the discrepancy of the product tranversal, 
so it has O (log 3m) discrepancy. 

Now, from B a {3m + 1) x (3m -I- 1) latin square C is constructed as follows. 
Take the square transversal of B. For each entry t of it at position (i, j) we replace 
it by 3m -I- 1 and place t’s in positions (3m -I- l,j) and (z,3m-|- 1). Furthermore, 
let the (3m -I- 1, 3m -I- 1) entry of C be 3m -I- 1. 

The 3m -I- 1-assignment generated by C has discrepancy 0(log(3m-|- 1)), since 
each entry has low discrepancy. In order to obtain a transversal of C use the 
triangle (or circle) transversal of B and add the 3m -I- 1 entry in lower right (i.e. 
in position (3m -I- 1, 3m -I- 1)). 

We would like to repeat this construction to go from 3m -I- 1 to 3m -I- 2 by 
using a transversal of C. However, to find a transversal of the resulting latin 
square D, such a transversal of C is needed that does not include the lower right 
entry. To this end, let us consider an entry i of the low discrepancy transversal 
of M . After the blow up, this becomes 

(z,l) (z,2) (i,3) 

(z,3) (z,l) (z,2) 

(z,2) (z,3) (z,l) 

in H. It is transformed further in C to 



(*,1) 


(z,2) 


3m -1-1 . 


.. (z,3) 


(z,3) 


3m -1- 1 


(z,2) ., 


.. (z,2) 


3m -1- 1 


(z,3) 


(^,’l) .. 


.. (*,2) 


(z,2) 




(z,3) . 


. . 3m -1- 1 



Here the single underlined entries are from the triangle transversal. Instead of 
them, take the doubly underlined entries from this part of C together with the 
rest of the triangle transversal to obtain (3m -I- 2) x (3m -I- 2) latin square D in 
the same way as C was generated from B. This new transversal is also of low 
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discrepancy, because it is a slight perturbation of the triangle transversal, which 
is of low discrepancy. Hence, D generates a 0(log(3m + 2)) discrepancy 3m + 2- 
assignment. The only thing left to finish the proof is to find a good transversal 
of D. Now, in D we have 



(bl) 


(z,2) 


3m + 2 . 


.. (z,3) 


3m + 1 


(z,3) 


3m + 1 


(z,2) ., 


. . 3m + 2 


(bl) 


3m + 1 


3m + 2 




.. (z,2) 


(z,3) 


3m + 2 




(z,3) ., 


. . 3m + 1 


(b2) 


(*,2) 


(z,3) 


3m +1 . , 


. . (z,l) 


3m + 2 



The underlined entries and the rest of the triangle transversal from the rest of 
B forms a low discrepancy transversal of D. □ 



Corollary 4.1. 

for all m > 0. 



d{m) = 0(log m) 



□ 



5 A Lower Bound 



In this section we use the following deep result of Schmidt [6] to prove that 
Theorem 4.1 is best possible for latin square type assignments. 

Theorem 5.1. Let P be an arbitrary set of N points in the unit square [0, 1)^. 
Then there exisits a rectangle B C [0, 1)^ with sides parallel to the coordinate 
axes such that 



\P n B\ — N area{B) 



> clog N 



(**) 



where c is an absolute constant. 



To prove a lower bound for the discrepancy of an assignment it is enough to 
consider a finite part of it, in our case, the generating lating square. 

Theorem 5.2. Let M be an mxm latin square. Then any entry has discrepancy 
at least c log m, where c is an absolute constant. 

Proof (of Theorem 5.2). Let us partition the unit square into mf little squares 
of side 1/m. Consider entry t of M and put a point in the center of the little 
square in the zth row and jth column if the (z, j) entry of M is equal to t. Apply 
Theorem 5.1 with TV = m to find subrectangle B. We may assume without loss 
of generality, that H’s sides coincide with the sides of some little squares, so B 
corresponds to some TZ\a, b, c, d] subrectangle of M. The number of points in B 
is equal to da,b,c,d{t), while N area,{B) = m so inequality (**) states 

that the deviation of entry t from the expected value in the subrectangle of M 
corresponding to B is at least c logm. □ 
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6 Conclusions, Open Problems 

We have shown that the optimality of every m is O(logm). However, the lower 
bound works only for latin square type assignments. Thus, it is natural to ask, 
whether it holds in general? 

In the proof of Theorem 4. 1 triple-fold blow-up is used. One might ask why 
was it neccessary, could not the proof be done using only double blow-up? The 
reason for the seemingly more complicated induction is that transversals of the 
3x3 latin square are essentially used, however, a 2 x 2 latin square does not 
have any. 

Applying the blow up for p = 2 the the obtained assignments are generated 
by the following latin squares for to = 2* t = 1, 2, 3, 4: 

' 1 2 3 4 5 6 7 8 ' 

5 6 7 8 1 2 3 4 













' 1 


2 


3 


4 ■ 






3 


4 


1 


2 


7 


8 


5 


6 






■ 1 


2 ' 






3 


4 


1 


2 






7 


8 


5 


6 


3 


4 


1 


2 






2 


1 






2 


1 


4 


3 






2 


1 


4 


3 


6 


5 


8 


7 














4 


3 


2 


1 






6 


5 


8 


7 


2 


1 


4 


3 


























4 


3 


2 


1 


8 


7 


6 


5 


























_ 8 


7 


6 


5 


4 


3 


2 


1 




1 


2 


3 


4 


5 


6 




7 


8 


9 


10 




11 


12 


13 




14 


15 


16 


9 


10 


11 


12 


13 


14 




15 : 


16 


1 


2 




3 


4 


5 




6 


7 


8 


5 


6 


7 


8 


1 


2 




3 


4 


13 


14 




15 


16 


9 




10 


11 


12 


13 


14 


15 


16 


9 


10 




11 : 


12 


5 


6 




7 


8 


1 




2 


3 


4 


3 


4 


1 


2 


7 


8 




5 


6 


11 


12 




9 


10 


15 




16 


13 


14 


11 


12 


9 


10 


15 


16 




13 


14 


3 


4 




1 


2 


7 




8 


5 


6 


7 


8 


5 


6 


3 


4 




1 


2 


15 


16 




13 


14 


11 




12 


9 


10 


15 


16 


13 


14 


11 


12 




9 


10 


7 


8 




5 


6 


3 




4 


1 


2 


2 


1 


4 


3 


6 


5 




8 


7 


10 


9 




12 


11 


14 




13 


16 


15 


10 


9 


12 


11 


14 


13 




16 


15 


2 


1 




4 


3 


6 




5 


8 


7 


6 


5 


8 


7 


2 


1 




4 


3 


14 


13 




16 


15 


10 




9 


12 


11 


14 


13 


16 


15 


10 


9 




12 : 


11 


6 


5 




8 


7 


2 




1 


4 


3 


4 


3 


2 


1 


8 


7 




6 


5 


12 


11 




10 


9 


16 




15 


14 


13 


12 


11 


10 


9 


16 


15 




14 : 


13 


4 


3 




2 


1 


8 




7 


6 


5 


8 


7 


6 


5 


4 


3 




2 


1 


16 


15 




14 


13 


12 




11 


10 


9 


16 


15 


14 


13 


12 


11 




10 


9 


8 


7 




6 


5 


4 




3 


2 


1 



The discrepancies are 1, 2, 2, 3, respectively. Studying the pattern of these latin 
squares one can find an explicit, non-recursive method for constructing them, 
starting from the first row [1,2,..., 2*]. We strongly believe that for to = 2* our 
construction is best possible. 

Theorem 5.2 works also for modular assignments, as well. However, there are 
not known bounds for their performance, in general. The construction for A(p), 
p prime, gives an O(y^) upper bound, for certain to’s. The question is, whether 
the lower, or the upper bound is sharp in that case? 
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In the present paper we studied low discrepancy allocation of two-dimensional 
data. It is natural to extend the scope of investigations to higher dimensions. 
For example, one can have a database of temperature distribution in a three- 
dimensional body. How well can three- (or higher-) dimensional data distributed? 
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Abstract. Semi-structured data are commonly represented by labelled 
graphs. The labels may be strings, integers, . . . Thus their type is atomic. 
They are carried by edges and/or nodes. In this paper, we investigate 
a nested graph representation of semi-structured data. Some nodes of 
our graphs may be labelled by graphs. Our motivation is to bring the 
data model in use closer to the natural presentation of data, in partic- 
ular closer to the Web presentation. The main purpose of the paper is 
to provide query languages of reasonable expressive power for querying 
nested db-graphs. 



1 Introduction 

Recently, semi-structured data attracted a lot of attention from the research 
database community (see for example [8,4,3,10,9,5,6]). This interest is moti- 
vated by a wide range of applications such as the genome databases, scientific 
databases, libraries of programs, digital libraries, on-line documentation, elec- 
tronic commerce. Semi-structured data arises under a variety of forms: data in 
BibTex or Latex files, HTML or XML files, data integrated from independent 
sources. Clearly enough, the main challenge is to provide suitable data models 
and languages to represent and manipulate semi-structured data. Several pro- 
posals have been made [13,7,6]. The representation of semi-structured data by 
graphs with labels on edges and/or vertices is shared by almost all proposals. 

In a previous paper [6] , we have proposed a model for semi-structured data, 
called the db-graph model together with a logic query language in the style 
of relational calculus. The contribution of [6] resides in a sound theoretically 
founded language. Furthermore the language, called Graph(Fixpoint), has been 
shown more expressive than other proposals such as Lore [3], UnQL [8], WebSQL 
[ 10 ]. 

In this paper, we study an extension of our db-graph model for representing 
semi-structured data. This extension allows one to have db-graphs whose ver- 
tex labels are db-graphs themselves. It is widely recognized that the difficulties 
arising when defining a model and a language to describe and manipulate semi- 
structured data are (i) a, partial knowledge of the structure and (ii) a potentially 
“deeply nested” structure. 



K.-D. Schewe, B. Thalheim (Eds.): FoIKS 2000, LNCS 1762, pp. 13—30, 2000. 
© Springer- Verlag Berlin Heidelberg 2000 
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Bringing the data model closer to the natural presentation of data stored via 
Web documents is the main motivation behind nesting db-graphs. To illustrate 
the use of nested graphs, let us consider the case of XML documents. Assume 
we have a XML file book. xml. Its contents and its graph representation are 
described below. 



. . . document heading . . . 

<title> Databases </title> 
<author> John Smith </author> 




Clearly, title and author are considered as attribute names whereas Databases 
and John Smith are data. Now suppose that we add to this document the lines 
which describe an anchor pointing to the file contents . xml. 

<contents> 

<A HREF ="file : //contents . xml">Table of contents 
</A></ contents> 

The view of books . xml becomes: 




Databases 



Jhon Smith Table of contents 



Furthermore, assume that contents. xml is as described below 
. . . document heading . . . 

<Sectionl> Relational Databases </Sectionl> 
<Section2> Object Databases </Section2> 



Thus, we may enrich our initial graph to represent the contents of the second 
document. To this purpose, we may consider two alternatives. The first one uses 
a “flat graph” while the second uses a “nested graph”. Both representations 
are respectively described below. We believe that the second graph is a more 
faithful representation of the real world. Indeed, it helps to distinguish between 
the structure of book. xml and that of the file 

. . . document heading . . . 

<title> Databases </title> 

<author> John Smith </author> 

<contents> Table of Contents 

<Sectionl> Relational databases</Sectionl> 

<Section2> Object databases</Section2> 

</ contents> 



whose graph representation is actually a flat graph identical to the one in Figure 
1(a). 
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(b) Nested graph 



Fig. 1. Two possible representations 



Let us now consider another situation. The Web can be viewed as a graph. 
Its nodes are files in particular formats. A node of the Web db-graph may well 
be a structured document (e.g., the annual report of the LaBRI database group 
in PDF format). As such, this node can itself naturally be represented by a 
graph. Another node of the Web may be a simple text file (e.g., describing the 
topics of interest of the LaBRI database group). This node will carry a simple 
label. Finally, there may exist a node providing an interface to an integrated 
movie database build from several sources containing information about movies, 
movie theaters in Bordeaux, ... , comments about movies provided by the LaBRI 
database group members. In this case again, the Web node is in fact valued 
by a db-graph: the db-graph (let us call it the movie db-graph) represents the 
integrated sources of information. It is easy to go one step further in the modeling 
process. Let us consider those nodes of the movie db-graph corresponding to the 
LaBRI database group member comments about movies. Some of these nodes 
may well be simple and carry simple text. Others may be complex and contain 
structured documents. This situation leads to having a second level of nesting 
in the Web db-graph. 

Applications bring many examples of this kind. It is of course possible to 
represent these semi-structured data by “flat” db-graphs. The work presented in 
this paper investigates the gain in using a nested representation. The approach 
is similar to that of the nested relational model [1] compared to the relational 
model. We mainly focus on providing languages to query nested db-graphs. Two 
languages are proposed. They both are formally defined in a calculus style as 
extensions of the language introduced in [6]. The two languages differ in the 
knowledge of the “structure” required to express queries. The first language, 
called Graph(Nest-Path), is based on a nested path language Nest-Path. In or- 
der to specify a query with this language, it is required that the user knows the 
levels of nesting of the searched information. In contrast, the second language, 
called Graph(Emb-Path), has a higher degree of declarativeness: the user does 
not need to have any knowledge about the level of nesting of the “wanted” in- 
formation. 
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Fig. 2. A nested db- graph. 



The paper is organized as follows. Section 2 is devoted to the presentation 
of our nested semi-structured data model. Section 3 prepares to the definitions 
of the graph query languages by introducing common notions. In fact, Section 3 
introduces a parameterized graph query language Graph(£) where £, the param- 
eter, is a path query language. In section 4, we instantiate £ by a path query 
language based on nested path formulas called Nest-Path which extends the 
language Path introduced in [6]. The advantages and drawbacks of Graph(Nest- 
Path) are discussed. The main problem arising while using Graph(Nest-Path) 
to query a nested db-graph is that it requires to have knowledge of the levels of 
nesting. Section 5 tries to solve this problem and provides a new instantiation 
of £ called Emb-Path. Further research topics conclude the paper. 
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2 Data Model 

Nested db-graphs (db-graphs for short) are a generalization of flat db-graphs in 
the sense that some nodes are allowed “to be” themselves db-graphs. Hence, in 
the next definition, we shall distinguish two sets of nodes: a set Ns of simple 
nodes and a set Nc of complex nodes. 

Definition 2.1 (Nested db-graph). Let V be an infinite set of atomic values. 
Let Ns be a set of simple nodes and Nc a set of complex nodes. Let E be a set of 
edges (identifiers) . Let org and dest be functions assigning to an edge respectively 
its origin and its destination. Let \ be a polymorphic labelling function for nodes 
and edges such that labels of simple nodes and edges are atomic values in V 
whereas labels of complex nodes are db-graphs. 

A nested db-graph G = {Ng, Nc, E, A, org, dest) is defined recursively by: 

1. If Nc is empty then G = {Ng, Nc, E, A, org, dest) is a nested db-graph. In this 
case, G is called a flat db-graph. 

2. G = {Ng, Nc, E, A, org, dest) is a nested db-graph over the db-graphs G \, .., Gk 
if for each n € Nc, A(n) is one of the db-graphs G\, ..,Gk 

Example 2.1. Figure 2 is an example of a nested db-graph. It contains two com- 
plex nodes and n^. The destination U 2 of the edge labelled by imdb, contains 
a db-graph providing information about movies and tv-series. The complex node 
U 4 is labelled by a db-graph representing a relational database having a single 
relation pariscope{theater, title, schedule). The simple node is the root of a 
flat db-tree giving information about movies too. 

Let us consider a nested db-graph G = {Ng,Nc,E,X, org, dest) over the db- 
graphs Gi, . . . , Gk. We provide the reader with few remarks and notations: 

— In order to avoid ambiguity, we use the term node of G to refer to an element 
of Ng or Nc and we use the term embedded node of G to refer to either a 
node of G or a node of Gi or an embedded node of Gt. 

For instance, if one considers the db-graph drawn in Figure 2, the nodes ni, 
ri 2 , ns are nodes of G; the nodes n 2 i and U 22 are not “direct” nodes of G, 
they are embedded in the node U 2 . 

When necessary, we use the notations Ng{G), Nc{G) and Ncmb{G) to refer 
respectively to the set of simple nodes of G, the set of complex nodes of G 
and the set of embedded nodes of G. 

— We make the assumption that Ng and Nc are disjoint sets (a node cannot 
be simple and complex at the same time). We also make the assumption 
that Ng and Nc both have an empty intersection with Ncmb(Gi), for any i. 
Intuitively, a node cannot belong to several levels of nesting in G (see below) . 

— Two nodes can be linked by several edges although each pair of such edges 
should carry different labels. Thus an edge is totally defined by its origin o, 
its destination d and its label 1. We sometimes use the notation (o, d, 1) to 
refer to that edge. 




18 Nicole Bidoit, Sofian Maabout, and Mourad Ykhlef 

~ A path is a sequence of edges (ei, 62, . • . , e^) s.t dest{ei) = org{ei+i) for 

In the following, as it is usually done, we restrict our attention to simple 
paths that is paths with no multiple occurrences of a same edge. 

Note here again that when considering a path of G, embedded db-graphs are 
not expanded. 

The empty path is denoted e. 

The mappings org and dest are extended to paths in a natural way. 

~ The embedded db-graphs Gi,. . . ,Gk of G are at level 1 of nesting in G. The 
set of all embedded db-graphs of G is composed of Gi , . . . , Gfc and of theirs 
embedded db-graphs. The notion of level of nesting in G of an embedded 
db-graph is the natural one. 

By a path p of level I in G, we mean a path p of an embedded db-graph of 
level 1. Recall that we make the assumption that an embedded node cannot 
belong to more than one level of nesting. Thus the same holds for a path. 

— Atomic labels are carried by simple nodes and edges of G and also by simple 
nodes and edges of embedded db-graphs of G. This entails that a label may 
occur at different levels of nesting in G. For instance, in figure 2, the atomic 
value title labels two embedded edges, one at level 0 and the other at 
level 1. 

In the following, atomic values labelling nodes are called data and atomic 
values labelling edges are called labels. 

— A node r of a graph G is a source for G if there exists a path from r to any 
other node of G. A graph is rooted if it has at least one source. 

3 Querying Semi-structured Data: Preliminaries 

In this section, we introduce the general setting which serves the definition of our 
languages. In the literature, most of the languages proposed for querying semi- 
structured data represented by a graph are based on a similar approach, although 
the paradigms used are different. A query is meant to extract sub-graphs from 
the initial graph or equivalently the roots of these sub-graphs. What are the 
criteria participating in the specification of the sub-graph retrieval? Essential- 
ly, the languages allow one to express two kinds of properties: (i) reachability 
of the root of the output sub-graphs via a specific path; (ii) existence, in the 
output sub-graph, of some specific paths. It is easy to see that both kinds of 
property rely on some paths. This explains why most languages like ours [6] are 
based on an intermediate language which retrieves paths in a graph. These path 
languages often use path expressions as their basic constructs. Their expressive 
power determines the expressive power of the semi-structured query language 
based on it. In the following, for the purpose of the presentation, we will view a 
semi-structured query language as a language parameterized by a path formulas 
k^path • 



The languages considered in this paper are calculus. Thus we suppose that 
four sorts of variables are on hand: path and graph variables denoted by 
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X,Y, Z, . . label variables denoted by x,y,z,... and data variables denoted 
by a, /3, 7 , . . . We sometimes use bold capital characters X, Y, . . . when the sort 
of the variable is irrelevant. A term is defined as usual. 

A path formula tp of Cpath may have free variables. All free variables of ip are 
forced to be of the sort path. Defining the semantics of Cpath is done by defining 
the relation G,i'\=tp for any db-graph G and any valuation iz of the free variables 
in ip. 

We now have all the ingredients to define a db-graph query language param- 
eterized by the path formulas in Cpath- 

Definition 3.1. A query in the language Graph(Cpath) is an expression of the 
form {A"!, . . . , Xn \ (j>} where Xi ’s are graph variables and moreover Xi ’s are the 
only free variables of the graph formula (j>. 

An atomic graph formula is an expression of one of the following forms: 

1. A path formula in Cpath, 

2. t : X where t is a graph term and X is a path variable, 

3. X[t] where X is a path variable and t is a graph term, 

4- ti ~ t 2 where both ti and t 2 are graph terms and where ~ is the symbol of 
bisimulation [12]. 

A general graph formula is defined in the usual way by introducing connectives 
and quantifiers. 

Roughly speaking, t : X means that AT is a path whose origin is a root of the 
graph t. Hence the formula of the kind t : X expresses what has been formerly 
introduced as a retrieval condition of the kind (i) existence, in the output sub- 
graph, of some specific path. 

Intuitively, the atom X [t] checks whether the graph t is rooted at the destina- 
tion of the path X . This formula illustrates what we have previously introduced 
as a retrieval condition of the kind (ii) reachability of the root of the output 
sub-graphs via a specific path. 

The formal definitions of graph formula satisfaction and of graph query an- 
swering are not developed here. The interested reader can find these definitions 
in [6]. 

As a matter of fact, in [6] we defined three path languages, namely Path, 
Path-Fixpoint and Path- While. The expressive power of the graph languages G- 
Fixpoint defined as Graph(Path-Fixpoint) and G- While defined as Graph(Path- 
While) were investigated. 

In the next sections, using the same technics as [6], we define two nested 
db-graph query languages. The first one is based on a path language called 
Nest-Path and the second one is based on Emb-Path. 

4 Nest-Path: A Nested Path Calculus 

In this section, we introduce Nest-Path, a path expression language which ex- 
tends Path by nesting (simple) path expressions. A path expression in Path is 
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an abstraction for describing paths which have a level of nesting equal to 0. Here 
we need a mechanism to abstract paths belonging to any level of nesting. Let us 
first illustrate the language Nest-Path. 

A (simple) path expression (in Path) can be of the form x> a and then the 
intention is to describe all paths reduced to a single edge labelled by x whose 
destination is a simple node labelled by a. 

We extend these simple expressions by considering the more general form 
I 0 q where g is a path query. Such a nested path expression is meant to specify 
paths reduced to a simple edge labelled by I and whose destination is a complex 
node on which the query q should evaluate to a non-empty set of paths. 

Example . Let q : {Y | Y S title} be a path query. Then imdb c> q is a nested 
path expression. It specifies paths of level 0 reduced to a single edge labelled by 
imdb and whose destination is a complex node labelled by a nested graph Gi on 
which the query q evaluates to a non-empty set of paths of level 1 , reduced to 
one edge labelled by title. The single path of the db-graph of figure 2 spelled 
by imdbi>q} is the edge (ni, n 2 , tm<i6). Note that the query q evaluated on the 
contents of the complex node U 2 returns the 3 edges whose destinations are 
respectively labelled by “Destiny”, “Psycho” and “Cosby Show”. 

4.1 Nest-Path’s Syntax 

We now formally define nested path expressions. 

Definition 4.1 (Nest-Path). A nested path expression is recursively defined 
by: 

1. A path variable or a label term is a nested path expression. In this case, it 
is both pre-free (the origin of the path is not constrained) and post-free (the 
destination of the path is not constrained). 

2. (a) s\>t (b) t<is 

(c) s> q{Xi , . . . , Xn) (d) q{Xi , . . . , A„) <i s are nested path expressions if 

• s is a nested path expression. In cases (b) and (d), s is required to be 
pree-free and in cases (a) and (c), s is required to be post-free. 

• t is a data term. 

• q is a nested path query of arity n ^ 

• Xi are path variables. 

The nested path expressions of types (a) and (c) are post-bound. Those of 
types (b) and (d) are pre-bound. 

3. S 1 .S 2 is a nested path expression when si and S 2 are nested path expressions, 
resp. post-free and pree-free. S 1 .S 2 is pre-free (resp. post-free) as soon as si 
(resp. S 2 ) is. 



1 



See definition 4.2. 
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Example 4-2- The expression movie. title captures every path p having two 
edges labelled successively by movie and title. It is pre-free and post-free since 
neither the destination nor the origin of p is bound by a data term or a query. 
The path expression movie. title c> “Destiny” captures paths of the same form 
whose destination brings the data “Destiny”. This expression is pre-free and 
post-bound. The expression imdb>q(X) is a pre-free, post-bound nested path 
expression. 

We are now going to complete the former definition to make precise what is 
a path query. A path formula is build from path expressions as follows: 

1. It is a nested path expression. 

2. It is ti=t 2 where t\ and ^2 are terms of the same sort. 

3. It is t G s where t is a path term and s is a nested path expression. 

4. (pAip (resp. <t>, (3X) (j) and (VX) (j) where (p and ijj are path formulas. 

Intuitively, t G s intends to check that the path t is among the paths spelled 
by the path expression s. 

Definition 4.2 (Nested path query). A nested path query of arity n is of the 
form {Xi, . . . ,Xn I where <p is a nested path formula, for i = l..n, Xi is a 
path variable, and the set Free{ip) of free variables of (p is exactly {^i, . • . ,Xn}. 



Example 4-3- Let us consider the nested path query r : {X | imdb[>q(X)} where 
q is the unary query {Y | Y G title}. 

This query is meant to return paths of level 1 embedded in a node which is 
the destination of an edge of level 0 labelled by imdb. These output paths are 
reduced to single edges labelled by title. 

The preceding example suggests that a level of nesting is associated to vari- 
ables in path expressions and queries. The notion of level of a variable in a path 
expression or query is necessary in order to define the semantics. We will restrict 
our presentation to meaningful examples. 

Example 4- 4- In th® previous example, the level of the variable X occurring in r 
is 1. This is implied by the fact that the level of the variable Y in q is 0 and X is 
linked to Y by q in the nested path expression imdb o q(X). 

Example 4-5- Consider the path query r defined by {X | X G title V imdb > q(X)} 
where q is {Y | Y G title}. 

The query r returns the edges of level 0 labelled by title (this comes from 
X G title) as well as the edges of level 1 labelled by title (this comes from 
imdbc>q(X)). Note that, in this case, two levels (0 and 1) are associated to the 
variable X. This situation is considered valid in the framework of nested db- 
graphs. The motivation is to allow one to retrieve paths at different levels of 
nesting. In fact, the only case where it is sound to assign multiple levels to a 
variable arises in disjunctive queries. Note here that the query r could have been 
split into two conjunctive queries. 
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Example 4-6- The expression {X | X.imdb[> q(X)} where q : {Y | Y G title} is not 
a query because the variable X is assigned two levels (0 and 1) and a concrete 
path cannot be assigned two different levels. 

In [15], a procedure has been defined that assigns levels of nesting to the variables 
of a path query or path expression. In the following we assume that expressions 
are “well nested” and moreover that variables have a unique level (disjunction 
is ruled out without loss of generality) . 

4.2 Nest-Path’s Semantics 

The semantics of Nest-Path is provided by giving a precise definition of the 
function Spell. Given a db-graph G and a path expression s, the function Spell 
gives the paths of G or embedded in G which conform to the expression s. 
In order to define Spell, we first need to tell how variables are valuated. As 
usually in the framework of calculus for querying databases [2], valuations rely 
on the active domain of the underlying db-graph G and expression s. The formal 
definition of the active domain is cumbersome and we will avoid its presentation 
here. The general idea is that a variable X, for instance a path variable, cannot be 
valuated by any path. It should be valuated by a path p in G or in an embedded 
graph of G, depending on the level of nesting associated to the variable X. So 
in fact, we always valuate a pair (X, 1) composed of a variable and its level in 
the path expression s or in a query r by a “value” in the graph of corresponding 
level I of nesting. 

For sake of simplicity, in the rest of the paper, we use the term valuation to 
abbreviate active domain valuation sound w.r.t. level assignment. 

Definition 4.3 (Spelling). Let G = {Ng, Nc, E,X,org,dest) be a db-graph. 
V ar{s) is the set of variables appearing in the expression s. Let v be a valuation 
ofVar(s). The set of simple paths spelled by s in G, with respect to v denoted 
by SpellG{v{s)) is defined as follows: 

1. if s is X then Spellciu'is)) = {v{X)}, 

2. if s is a label term t then SpellG{v{s)) = {(e) | e G E and A(e) = J^(t)|, 

3. if s is si>t then SpellG{v{s)) = {p \ p G SpellG{v{si)) and 

\{dest{p)) = v(t) } 

SpellG{v{t <i s\) is defined in a similar fashion. 

4 . if s is si > q{Xi, . . . , Xn) then 

SpellG{v{s)) = {p I p G SpellG{v{si)) and 

q{\{dest{p))) yf 0 and 

(V(Ai), . . . , KA„)) G q{\{dest{p))) } 

where q{\{dest{p))) denotes the answer (see definition 4-5 below) of the path 
query q evaluated on the db-graph labelling the destination of the path p. 
SpellG{v{q{Xi, . . . ,Xn) <si)) is defined in a similar way. 
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5 . if s is S1.S2 then Spella{iy{s)) = {pi-P2 \ Pi G SpellG{v{si)) and 

P2 G SpellG{v{s2)) and 
dest{pi) = org{p2) and 
P1-P2 is simple } 

Example 4 - 7 . Let G be the db-graph of figure 2 . Let s be the path expression 
imdb \> q(X) where q : {Y | Y G title} 

Consider the valuation i/ of X (whose level in s is 1 ) by the path ((7121,^22, title)) 
of level 1 , then it is easy to see that i^{X) belongs to the answer of the query q 
evaluated on the db-graph labelling the complex node n2- In fact, SpellG{v{s)) = 
{{{ni,n2,imdb))}. 

Definition 4.4 (Satisfaction of a path formula). Let p be a path formula 
and V a valuation of Free{(p). A db-graph G satisfies (p w.r.t v, denoted G |= 

V[v], if 

1 . <p is a path expression and SpellG{p[v\) yf 0 . 

2 . <p> is t\= t2 where t\ and t2 are both terms and v{ti) =v{t2) ■ 

3 . (p is t G s where t is a path term and there exists an embedded db-graph G' 
of level equal to that oft such that vff) G SpellG'{i'{s)). 

4 - Satisfaction for { 4 > A ip), -> 4 >, ( 3 X) <f> or (VX) is defined as usual. 

Definition 4.5 (Path query answer). Let q = {Xi, . . . , X„ \ p} be a path 
query and v be a valuation of Free{p). The answer of q evaluated over the 
db-graph G is 

g(G) = {(K^i),...,K^„)) I G^p[,^]}. 



Hence, a path query takes a db-graph as an input and outputs tuples of paths. 
The following example illustrates how the language Nest-Path can be used to 
combine data which may reside in different embedded graphs. 

Example 4 - 8 . Let us consider once more the db-graph of Figure 2 . Assume that 
the user knows about the “structure” of the information in node ri2 as well as 
the “structure” of the information in node 774 (These structures may have been 
extracted by an intelligent engine). Thus he/she knows that U2 provides titles 
together with directors of movies and 774 provides titles together with theaters. 
Now assume that the user just wants to combine these information to have 
together titles, directors and theaters. He/she may express this by the following 
query r : {F,D,T | s} where s is the following path expression 
imdb[>qi(F,D) A ( 3 U)( 3 Fm) (U O q^ (Fm, T) A 

( 3 a) (F G title > a A Fm G title > a)) 

and 

qi:{Xi,Yi I ( 3 Zi)(Zi.Xi A X^ G title A Z^.Yj A Y^ G director)} 
qa : {X2,Y2 I (3Z2) (Z2 G pariscope A Z2.X2 A X2 G title 
A Z2.Y2 A Ya G theater)} 
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The query collects information (title and director) from the complex node 
ri2 and the query returns information (title and theater) from 714. The com- 
bination is performed by the condition (3a) (F G title > a A Fm G title > a) 
that appears in r. This combination acts like a join. 

Now that we have a way to select paths (and embedded paths) in a db- 
graph, we naturally can select sub-graphs (and embedded sub-graphs) via the 
language Graph(Nest-Path). Let us reuse the preceding example to illustrate 
this language. 

Example 4- 9. The reader may have noticed that the path query r returns triples 
of paths although it seems more natural for a user to get triples of nodes (the 
destinations of the paths) as an answer. Intuitively, this is what is performed by 
the following graph query: 

{X, Y, Z I (3f3d3T) s a F[X] a D[Y] A T[Z]} where s is the path expression de- 
fined in the previous example. 

4.3 Expressiveness 

In this section we investigate the expressive power of Nest-Path. Essentially, we 
compare the new path language Nest-Path with the simple path language Path. 
The next result relies on a translation of nested db-graphs into “flat” db-graphs 
and it shows that a Nest-Path query Qnest can be translated into a Path query q 
in such a way that evaluating Qnest over a db-graph G is equivalent to evaluating 
q over the corresponding “flat” db-graph. Intuitively, this result tells that Nest- 
Path is not more expressive than Path. It can be compared in its spirit to the 
result [14, 1] which bridges a gap between the nested and the “flat” relational 
models. 

The simple language Path is not redefined here. The reader can assume that 
Path is just like Nest-Path without nesting that is without the constructs of 
2.(c) and 2.(d) of definition 4.1. 

Theorem 4.1. There exist a mapping S from db-graphs to flat db-graphs, and 
a mapping T from Nest-Path to Path such that 

if q G Nest-Path and G is a nested db-graph then q{G) = T{q){S{G)). 

Before we proceed to a short proof, let us recall [6] the notion of maximal 
sub-graph of a graph G. A graph G' rooted at r is maximal w.r.t. G if each path 
in G starting at the source r is also a path in G' . Moreover G' is assumed to be 
a sub-graph of G. Finally, G' is a cover of G if it is maximal and if it is not a 
sub-graph of any other maximal sub-graph. 

Sketch of proof The mapping S unnests a nested db-graph G by repeating the 
process described below until G becomes totally flat. 

1. Every complex node n of G is replaced by a simple node n//at- Consider the 
label of n that is a graph G„. 
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2. Nodes, edges etc of G„ are added to nodes, edges ... of G. 

3. For each cover G/ of G„, a root r is selected and an edge {ufiat, r, %) is added 
to the edges of G. Note here that % is a new special label for the purpose of 
unnesting. 

Notice that S is not deterministic because of the choice of a root (see point 3. 
above) for a cover of G„. 

The figure 3 shows a flat db-graph which is the result of unnesting the db- 
graph of figure 2 by applying S. 

The translation of a path expression Snest of Nest-Path is not very complicat- 
ed (although it is overly technical) once the transformation of nested db-graph 
into flat db-graph is defined. In fact, the only difficulty is to capture in the flat 
path expression translating Smst the nested path queries q that appear in sub- 
expressions of the kind X >q(Y). The level of Y is the information allowing one 
to make the translation. Let us consider the expression Snest = Xt>q(Y) where q 
is the path query {Z \ Z G title}. The translation of Snest is X.%.Y AY € title. 
The fact that the level of Y in Snest is 1 is reflected by the requirement of one 
edge labelled by % before Y. 

It is quite trivial to see that Graph(Nest-Path) can be simulated by Graph(Path) 
by using the transformations S and T of theorem 4.1. 

5 Emb-Path: A Fixpoint Nested Path Calculus 

When using Graph(Nest-Path) for extracting data from a semi-structured data- 
base represented by a nested db-graph, the following problem arises. How could 
the user write a query if he does not know about the level of nesting of the 
data that he wants to retrieve? For instance, consider that the user is seeking 
all possible movie or tv-serie titles. The database of interest is the one depicted 
in figure 2. Hence, the user may ignore that some of the data he is looking for 
are at level 1 of nesting and try to get what he wants by writing the query 
{X I title[X]}. The answer returned by this query is not complete w.r.t. the 
user expectation. Now, the user may have already navigate in the database and 
happen to know that data are nested at least one level. Thus he probably will 
write the following expression to retrieve movie and tv-serie titles: 

{X I title[X] V (3U) U>r(X)} where r : {Y | title[Y]}. 

However, it may well be the case that the data are nested one level more etc. 

First, it is unrealistic to require that the user (and even the data management 
system) knows about the depth of nesting. Secondly, even in the case where the 
depth d of the nested db-graph is known, writing a query such as the one above 
may become highly complicated if d is large. 

In this section, we introduce a new path language called Emb-Path to over- 
come the above mentioned problem and gain a degree of declarativeness by 
allowing the user to write queries such as the one of the motivating example 
without knowing the depth of the db-graph. 
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Fig. 3. Flattening a nested db-graph 



5.1 Emb-Path’s Syntax and Semantics 



Roughly speaking, an embedded path formula is specified by two Path formulas. 
The evaluation of the embedded path formula specified by tp and if) is an iterative 
process. At each step, the role of the first formula ip is simply to extract paths 
of interest. At each step, the second formula ip serves to access some specific 
complex nodes in the db-graph, the ones which are going to be unnested in the 
sense that the labels of these complex nodes which are db-graphs are going to 
be processed (queried) at the next iteration. Thus in fact the second formula 
allows one to navigate in depth into the db-graph (not necessarily in the whole 
db-graph). Formally, 
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Definition 5.1 (Emb(Path,Path)). Let ip be a Path formula with n free path 
variables Xi, . . . , Xn and let ip be a Path formula with one free path variable Y . 
Then Emb{p,ip) (read (p is embedded in ip) is an embedded path expression of 
arity n. Given a db-graph G, Emb{p,ip) denotes the n-ary relation which is the 
limit of the sequence {a:fc}fe>o defined by: 

1. xq is the answer to the query {(ATi, . . . ,X„) | p\ evaluated on G. 
yo is the answer to the query {(E) | ip} evaluated on G. 

2. Xk+i = Xfc U p{yk) and yk+i = 2 /fc U ip{yk) where 

p{yk) (resp. ip{yk) ) is the union of the answers to the query {(ATi, . . . , Xn) \ 
p} (resp. 1(E) I Ip}) evaluated on the db-graphs labelling the destination of 
the paths p G yk (when this destination is a complex node). 



An atomic embedded formula is an expression of the form Emb{p, ip)(ti, . . . , 
where t\, . . . ,tn are path terms and an embedded path expression Emb{p, ip) of 
arity n. Note that a Path formula p having n free variables can be “translated” 
by embedding p in false. The language of embedded formulas is denoted Emb- 
Path as an abbreviation of Emb(Path,Path). It leads to a graph query language 
in a straightforward manner by considering Graph(Emb-Path). 

Note that the above definition can be generalized in a standard way by al- 
lowing p and Ip to be embedded formulas themselves. In this case, the language 
of embedded formulas is called Emb(Emb-Path,Emb-Path). 

Example 5.1. Let us consider the introductory query example: the user is trying 
to gather all movie or tv-serie titles in the database no matter at which level 
of nesting they are. In order to write this query, we will use the Emb-Path 
expression Emb(p,ip) of arity one where: is U € title and ip is 'V 

The graph query which returns all the titles is written in Graph(Emb-Path) as: 

{ X I 3 Y Emb((p,'(/')(Y) A Y[X] } 

This graph query just extracts the subgraphs rooted at the destination of the 
paths Y satisfying the embedded formula Emb((/?, ip){Y). What kind of paths 
does the embedded formula select? Because the path formula is U G title, 
Emb((/3, Ip) returns embedded paths reduced to edges labelled by title. Because 
the path formula ip is 'V, all complex nodes are explored and unnested and thus 
Emb((p, Ip) returns all paths reduced to edges labelled by title and belonging 
to any level of nesting. 

Example 5.2. Let us consider a second example having the same structure as 
the previous one except for the formula ip which is now replaced by V G imdb. 
As in the previous example, because the path formula is U G title, Emb(:p, 
Ip) returns embedded paths reduced to edges labelled by title. However, now, 
because the path formula ip is V G. imdb, the only complex nodes explored and 
unnested are the one at the destination of an edge labelled by imdb. Thus Emb(<p, 
Ip) here returns all paths reduced to edges labelled by title and belonging to 
any embedded db-graph reachable by an edge labelled by imdb. 
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Note here that there is another slightly different way to define a graph query 
language (in the same style) . It consists in embedding a graph formula in a path 
formula instead of embedding a path formula in a path formula and linking it 
to a graph formula. 

Definition 5.2 (Emb(Graph,Path)). Let (fi be a Graph(Path) formula with 
n free graph variables Xi, . . . , X„ and let ip be a Path formula with one free path 
variable Y. Then Emb{(p,ip) (read (p is embedded in ip) is an embedded graph 
expression of arity n. An atomic formula of Emb( Graph, Path) is an expression 
of the form Emb{(p, ip)(ti, . . . , tn) where ti, . . . ,tn are graph terms. 

We do not develop the semantics of the language Emb(Graph, Path). The 
definition is similar as the one for Emb-Path. We simply illustrate it by the 
following example. 

Example 5.3. Let us consider the introductory example. It can be expressed in 
Emb(Graph, Path) by the query { X | Emb((^, i/;)(X) } where (p is title[Y] and 
Ip is V 



5.2 Expressiveness 

Let us now address the following question with respect to expressive power: how 
are related the path languages Nest-Path and Emb-Path when the depth of the 
db-graph is known. We first show that Emb-Path is subsumed by Nest-Path 
although in a rather weak sense. 



Theorem 5.1. For a given db-graph G whose depth is known we have: for 
each query qemb in Emb-Path, there exists a query quest in Nest-Path such that 
qemb(G) and quest (G) are equal. 

The result above does not imply the inclusion of Emb-Path into Nest-Path 
because the translation of the query qemb depends strongly on the queried db- 
graph G. In fact this result could be compared to the one showing that the 
transitive closure of a binary relation can be computed within the relational 
calculus as soon as one can use the number of tuples of the relation. 

Proof. Let k be the depth of G. 

The atomic embedded formula Emb{p, ip){Xi, . . . , Xu) can be simulated by the 
formula 



(jP(Xi , . . . , X^) 

V (3Vi) ( lP{M,) A Vi e Vi O q(Xi, . . . , x„) ) 

V (3Vi)(3V^) ( iP{M,) A Vi G Vi > r(V^) A G O q(Xi, . . . , X„) ) 



V(3Vi) . . . (3Vfe_ J ( iP{V,) A Vi G Vi O r(V^) A . . . Vfe_, G Vfe_, O q(Xi, . . . , X„) ) 
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q: {(U„...,U„) I V?} 
r : {(V) I V'} 

Concerning the inverse inclusion, proving that Nest-Path C Emb-Path remains 
an open question. In contrast to the preceding inclusion, this one would be strong. 
It would imply that the language Emb-Path enables at the same time (1) to write 
queries without having to know about the depth of the data to be retrieved, 
(2) to write queries exploring the db-graph at a given level of nesting. For the 
time being, even for a simple Nest-Path query like {X | (3U) X G imdbc>q(U)} 
where q is {Y | Y G title}, we have no translation in Emb-Path neither a proof 
showing that it cannot be translated. The difficulty that arises here is finding a 
mechanism that stops embedding at a specific level of nesting. 



6 Concluding Remarks 

To conclude we would like to stress that although the current paper does not ad- 
dress it, the problem of restricting the languages to tractable queries i.e. queries 
computable in polynomial time has been investigated in [15]. To illustrate the 
problem let us consider the path query {X j X} which returns all simple paths in 
a db-graph. For instance suppose that the db-graph nodes are 1,2,..., 2n, and 
its edges are from i to i+1 and z-|-2, for i = 1, . . . , 2n — 2. Thus the db-graph has 
0(2") simple paths from node 1 to node 2n. This entails that the evaluation of 
the query {X j X} is not polynomial. In order to avoid such situation, syntactic 
restrictions can be used (see [15, 11]). 

We are currently studying the open problem mentioned in the previous sec- 
tion. As a matter of fact, we separate the problem into couple of questions: fij 
is Nest-Path included in Emb-Path=Emb(Path,Path)? fnj is Nest-Path includ- 
ed in Emb(Emb(Path),Emb(Path))? finj how Emb(Graph,Path) is related to 
Graph(Emb-Path)? 
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Abstract. Based on F-logic, we specify an advanced data model with 
object-oriented and logic-oriented features that substantially extend the 
relational approach. For this model we exhibit and study the counter- 
part to the well-known decomposition of a relation scheme according to 
a nontrivial nonkey functional dependency. For decomposing a class of a 
database schema the transformation pivoting is used. Pivoting separates 
apart some attributes of the class into a newly generated class. This new 
class is declared to be a subclass of the result class of the so-called pivot 
attribute. Moreover the pivot attribute provides the link between the 
original class and the new subclass. We identify the conditions for the 
result of pivoting being equivalent with its input: the expressive power 
of path functional dependencies, the validity of the path functional de- 
pendency between the pivot attribute and the transplanted attributes, 
and the validity of the onto-constraint guaranteeing that values for the 
transplanted attributes can be referenced from the remaining part of the 
original class. 



1 The Problem: An Introduction into Decomposition 

The theory of database schema design (see any suitable database textbook or [10, 
2,1,3]) aims at formally characterizing “good” schemas and at inventing algo- 
rithms to test and to improve the quality of a given schema. Semantic constraints 
play a key role for both tasks. On the one side, semantic constraints are purely 
syntactic items, and as such they can be algorithmically examined and manip- 
ulated by the schema administrator at design time. On the other side, they 
represent the collection of all instances of the schema, and as such they essen- 
tially determine the performance of the database application during its future 
lifetime. As a general heuristic, a schema is considered “good” if it consists of 
atomic and independent components where atomicity and independence are ex- 
pressed relative to the features of the data model, in particular, of the available 
semantic constraints. Accordingly, the semantic constraints of a schema can indi- 
cate whether there are still compound components and how to decompose them 
into simpler ones. 
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In the past, this approach has been successfully elaborated for the relational 
data model where, roughly simplified, the features are restricted to flat relation 
schemes, functional dependencies and some kinds of inclusion dependencies. Here 
a relation scheme is considered to be compound (not in “normal form”) if it 
contains a nontrivial nonkey functional dependency, and a compound scheme 
can be decomposed by separating apart the left-hand side of such a dependency 
with some or all attributes of its implicational closure. With the advent of more 
powerful data models, we are challenged to extend the insight gained for the 
relational model for the new models. 

This paper contributes a fundamental response to this challenge for an ad- 
vanced data model with object-oriented and logic-oriented features. For the sake 
of presentation, the model is based on F-logic [8] but the response is appli- 
cable to any similarly powerful model. Basically, the model combines object- 
orientation (allowing in particular class declarations with signatures, class hi- 
erarchies with inheritance, scalar attributes and object identifiers) with deduc- 
tive capabilities for query processing and enforcement of semantic constraints, 
both of which allow to navigate along arbitrary paths (sequences of attributes) 
in the schema. Thus, besides some built-in semantic constraints and further 
application-dependent constraints, the model supports arbitrary path functional 
dependencies [14, 15] which significantly generalize the functional dependencies 
as known from the relational model. A path functional dependency of syntac- 
tic form c(pi---pk Pk+i'''Pn) declares that whenever the path-functions 
Pi • • - Pk in the left-hand side applied to two different objects of class c return 
the same objects, respectively, so do the path-functions Pk+i • • • Pn in right-hand 
side. Path functional dependencies are a powerful means to describe sophisticat- 
ed application semantics yet in general demand for extensive computations to 
enforce them. 

The expressive power of path functional dependencies is also strong enough 
to avoid the well-know problem of relation schemes with functional dependencies 
all nontrivial lossless decompositions of which are not dependency preserving. As 
an example consider the relation scheme R = {A, B,C, D, E} with functional 
dependencies {A — > CD,B CE}. If, for instance, we separate apart the 
attributes of A ^ CD, the original scheme is decomposed into relation schemes 
S = {A, C, U} and T = {A,B,E} none of which can embody the functional 
dependency B ^ C. 

To state this semantic constraint in the decomposed schema, we basically 
would have to say that whenever two tuples for T agree on the H-value, two 
tuples for S that agree on their A-values with the A-values of the tuples for T 
have to agree on their C-value. In our advanced data model such a statement 
can be captured by a path functional dependency ct{-B .A.C) where the 
class ct corresponds to the scheme T, and A.C is a path which starts at class ct 
and passes the class eg corresponding to scheme S via attribute A. Additionally, 
in the relational model, we would need inclusion dependencies to ensure the 
existence of matching tuples. In our advanced data model such conditions are 
expressed by an interplay between built-in object-oriented features and so-called 
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onto constraints [13]. An onto constraint of syntactic form c{m \ Cm} is used to 
guarantee that every object v of class Cm is referenced by some object o of class c 
via attribute m, i.e., if the attribute m is considered as a path-function of length 
1 with domain c and range Cm, then this function is required to be surjective 
(onto). 

So, given our advanced data model as an extension of the simple relational 
model, we can ask for also extending the above mentioned known results on 
decomposing compound relation schemes. Our earlier work [4-6] has already 
given some preliminary and partial answers which can be summarized as follows. 

First, we have to identify an appropriate notion of decomposition. In the rela- 
tional model decomposition is formally done by the operation of taking multiple 
projections: in the simplest case, a first projection separates apart the attributes 
of the nonkey functional dependency under consideration by introducing a new 
relation scheme, and a second projection retains the left-hand side of the func- 
tional dependency and all remaining attributes in the original scheme. Thus, 
in some sense, the second projection preserves the essential part of the origi- 
nal scheme, some (only “transitively dependent” ) attributes of which have been 
shifted into the first projection. This view motivated the introduction of the 
operation pivoting for decomposition in the advanced data model. Roughly s- 
peaking, pivoting transplants some attributes of a class to a newly generated 
subclass of another class. The new subclass plays the role of the first projection. 

Second, as in the relational case, also for pivoting all original semantic con- 
straints have to be adjusted. However, if we are restricted to use only functional 
dependencies, then the analysis of [6] confirmed that the problem of decomposi- 
tions that are not dependency preserving arises again. But fortunately, at least 
we could precisely characterize the well behaving cases. 

Now, for our advanced data model this paper studies the decomposition of 
classes by pivoting allowing arbitrary path functional dependencies and onto 
constraints. Thereby the paper contributes a fully exhaustive and fundamental 
response to the challenge of extending the classical results on relational decom- 
positions. This response is semi-formally outlined in more detail in the following 
Sect. 2. Then, assuming an intuitive understanding of the sophisticated formalis- 
m of the full data model, in Sect. 3 we sketch the proofs of our formal theorems. 



2 The Solution: A Semi-formal Outline 

2.1 F-Logic 

We base our advanced data model with object-oriented and logic-oriented fea- 
tures on F-logic [8] because of its precise syntax and semantics combined with 
high flexibility. Its flexibility facilitates to define appropriate formal notions for 
the concepts needed, in particular for schema, instances, semantic constraints, 
schema equivalence and schema transformations. Its precision allows to state 
and to prove formal theorems. F-logic can be considered as a tailored version of 
predicate logic, and, accordingly, it plays the same role for our advanced data 
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model as generic predicate logic for the relational model. Assuming the read- 
er’s familiarity with predicate logic and with object-oriented and logic-oriented 
database features, we refrain from presenting all formal details of our data model 
(which can be found in [11]) but rather expose only a rough outline. 

2.2 Schema and Instances 

For using F-logic we assume a fixed set of object constructors T . Tq d T denotes 

the set of constant symbols, and denotes the Herbrand base, i.e. the set 

of the ground molecules constructed from T and the built-in predicate symbols. 
A data model describes two things, the schema and its possible instances. 

Definition 2.1 (Schema). A schema D is of the form 

D = ( CLgUATgUHRgUSGp | SCd) 

with the following finite sets 

— a set of constants, GLd C Tq, for class names, 

— a set of constants, AT^ C Tq, for attribute names, 

— a set of ground class is-a assertions, HR/j C {c :: d | c, d G GLd}, to form 
the class hierarchy, 

— a set of ground object molecules consisting only of scalar signature expres- 
sions. 



SGd C {c[a r] | c, r G CLd, a G AT d} , 

to declare signatures for classes and attributes, and 
— a set of sentences, SCd, as semantic constraints to restrict the set of allowed 
instances. 

The classes in a schema form a hierarchy given by the set HR^i of class is-a 
assertions. We demand that the class hierarchy is acyclic throughout this work. 
On classes we declare attributes and their signatures by means of the set SG d of 
object molecules with signature expressions. Due to the semantics of inheritance 
these signature declarations are inherited to subclasses. The set SCd of sentences 
contains the application-dependent semantic constraints, which restrict the data 
stored under a schema to meaningful data. 

Example 2.1. Suppose we have to formalise a relationship set for administrating 
telecommunication costs in an environment with entity sets for faculty member- 
s, phone equipments and schools which are grouped into departments. A (not 
necessarily good) formalization is obtained by giving the entity sets as well as 
the relationship set the status of a class. Then an object of the relationship class 
represents a specific relationship among some objects of the entity classes. This 
representation is achieved by referencing the entity objects involved by the at- 
tributes of the relationship object. More formally, we consider a schema ADM 
with the following structural components: 
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GLadm '■= {Phone-admin, Faculty, School, Phone, Department} 

ATadm := (fac.sch, ph,dep| 

HRadm := 0 

SGadm '■= |Phone-admin[fac Faculty; sch ^ School; 

ph ^ Phone; dep ^ Department]} 

The semantic constraints SC ad m are specified later on in Sect. 2.3. 

Sometimes we add to a given schema D new semantic constraints <P. We 
denote this addition by D LI 

DL^:= (STd I SCd U<l>) . 

Besides the application-dependent constraints we also use a set AX of built-in 
axioms: As we usually want syntactically different things to be semantically 
different as well, we use unique-name axioms UN [12] for this purpose. In ad- 
dition, attributes should always return a value if the attributes are declared for 
an object. A fact that is ensured by the not-null axiom NN. The connection 
between signature expressions and data expressions is ensured by the presence 
of well-typedness axioms WT. 

Later on we are often interested in the set of attributes declared for a class 
and in attributes that are declared for exactly one class. 

Definition 2.2 ((Proper) Attribute). Let D he a schema. 

— The set {a j HRd U SGd H c[a =1* ()]} of attributes for a class c is denoted 
At£i(c). 

— An attribute a G AT /5 is called a proper attribute for a class c G CL^i :ijf 
SGd ]= c[a ()] and SG/j ^ <i[a ()] holds for all classes d G GLd with 
d^ c. 

Having described a schema, we come to the data, which is the objects popu- 
lating classes and their attribute values. Both aspects are formalised as formulae, 
which we separate according to their nature, object is-a assertions for class pop- 
ulations and scalar data atoms for attribute value definitions. 

Definition 2.3 (Extension). An extension / G ext(D) of a schema D is of 
the form f = {pPf \ ob/) with the following sets 

— a set of ground object is-a assertions, 

ppy C {0 : c 1 o G \ (GLd U ATd),c G GLo} , 
populating classes, and 

— a set of ground object molecules with only scalar data expressions, 

ob/ C |o[a ^ u] 1 o, w G iFg \ (GL^i U AT£i),a G AT^i} , 



for the definition of attribute values for objects. 
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A completion of an extension under a schema comprises all that can be 
deduced from the extension and the schema, in this case ground molecules. 

Definition 2.4 (Completion). Let f be an extension of a schema D. The com- 
pletion of the extension f under the schema D is comply, (/) := {t G TLB{T) \ 
ST D U ppy U ob/ \= r}. 

Completions are the smallest H- models of the union ST^i U ppy U ob/. 

An instance is an extension of a schema that obeys the semantic constraints 
given in the schema. In addition, instances or better their completions must 
satisfy unique-name, not-null and well-typedness axioms. 

Definition 2.5 (Instance). Let f he an extension of a schema D. Then the 
extension f is called a(n) (allowed) instance of the schema D, f G sat(D), if 
compl 23 (/) is an H-model of the axioms AX and the semantic constraints SCd- 



2.3 Path Functional Dependencies and Onto Constraints 

For our study on decompositions we consider two kinds of application-dependent 
semantic constraints, path functional dependencies and onto constraints. 

Path functional dependencies [14, 15] generalize functional dependencies. 
While, in the relational context, a functional dependency relates some of the 
attribute values contained in a tuple, in the object-oriented context, a path 
functional dependency relates some of the objects reachable by path-functions 
from an object. Here a path- function p = .m\ ■ ■ ■ .mf for a class c is given by 
a sequence of attributes which is well-defined relative to the declarations of 
the schema D. The set of all path- functions starting at class c, including the 
“this-path” .Id, is denoted by PathFuncsi)(c). 

Definition 2.6 (Path Functional Dependency). Let D be a database sche- 
ma, and c G CLd be a class. 

Syntax: A path functional dependency for the class c over the schema D is of 
the form 



c{pi ■■■Pk ^ Pfc-i-i ■■■Pn) , 

where 0 < k < n, and where pi G PathFuncszj(c) for i G {1, . ■ . ,n}. 
Semantics: To define that an extension satisfies a path functional dependency, 
we can construct F-sentences which roughly express the following statement: 
If for two argument objects x and y the path-functions pi, . ■ . ,Pk all yield the 
same result objects, respectively, and any of the path-functions p G {pk-i-i, 
. . . ,Pn} is defined for one of the argument objects, then it is also defined for 
the other argument object, and the returned result objects are the same. 

The set of (F-sentences for) path functional dependencies in SCd is denoted by 
PFDd. 
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Onto constraints can be considered as a special kind of inclusion constraints, 
as known in the relational model. Generally, inclusion constraints are employed 
to express certain interrelational conditions, like for foreign keys. In object- 
oriented models, some of these conditions are built-in or captured by axioms 
like the not-null axiom. Others have to be made explicit, in particular the con- 
dition of an onto constraint that every object v of class Cm is referenced by some 
object o of class c via attribute m. Such a condition, first mentioned in [13], 
can be used to form the class Cm as a subclass of some further class Cp by com- 
prehending the pertinent subpopulation of Cp, namely just those objects of Cp 
which are attainable from class c via the attribute m. Indeed, such conditions are 
crucial for separating apart some aspects of the class c into a newly generated 
subclass, here Cm- 

Definition 2.7 (Onto Constraint). Let D he a database schema, and c G 
CLd be a class. 

Syntax: An onto constraint for the class c over the schema D is of the form 
c{m I Cm}, where m G Ato(c) is an attribute for c and Cm G GLu is a class. 
Semantics: To define that an extension satisfies an onto constraint, we can 
construct an F-sentence which expresses the condition given above. 

The set of (F-sentences for) onto constraints in SGd is denoted by OCd. 

Example 2.2. For our example database schema ADM we declare some simple 
path functional dependencies all path-functions of which have length one or 
length zero: 



SC adm ■= AX U 



{Phone-admin(.fac - 


.sch). 


Phone-admin(.fac - 


-> .ph). 


Phone-admin(.sch - 


.dep). 


Phone-admin(.ph — 


^ .dep). 


Phone-admin(.fac 


.sch .ph 



.dep ^ .Id)} 



Up to now there are no onto constraints. Such a constraint will be introduced 
in Sect. 2.5. 



As usual, having explicitly declared a set of path functional dependencies and 
onto constraints for a schema, we are interested in all further implied constraints 
of the same kinds. 



Definition 2.8 (Implicational Closure). Let D be a database schema with 
application- dependent constraints SCd. The closure of the set SCd (with respect 
to D), written SC[^^, is the set of all constraints f over the schema D, where 
sat(D) c sat(D U {^}). 
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In order to handle constraints and their closures algorithmically, we need a 
correct and complete set of inference rules to infer further constraints from given 
ones. For path functional dependencies alone, such rules are already exhibited 
in [14,15], and [13] suggests a further rule to deal with situations as described 
by onto constraints. Finally, in [7, 11] we embed all these rules into our advanced 
data model, add some further rules for dealing with inclusion of class populations 
and then prove their correctness as well as their completeness, provided the class 
hierarchy of the schema obeys some minor restriction. 



2.4 Equivalence of Schemas 

In this paper we are mainly concerned with the decomposition of classes, more 
generally with transforming a given schema S into a (hopefully) improved schema 
T. Surely, in order to be useful the new schema T should at least “capture the 
intended application semantics” of the original schema S. This intuitive require- 
ment has been formalized in seemingly different though essentially equivalent 
ways, as discussed for instance in [1, 11,9]. For the purpose of our investigations, 
we found the following formalization most appropriate. Basically, this formaliza- 
tion requires that the original schema is “supported” as a view of the transformed 
schema. Here a view is provided by a query which returns extensions of the o- 
riginal schema S when applied to instances of the transformed schema T. We 
distinguish three degrees of “support” depending on the set theoretical relation- 
ship between the set of instances of the original schema and the set of query 
results. 

The following formal definition is based on the skipped formal syntax and 
semantics of a class of simple queries. Roughly sketched, a query Q is a set of 
F-Horn-rules, Q C {H < — B \ H < — B is an F-Horn-rule}, that when applied 
to an extension / of a schema D returns all nonrecursive implications according 
to Q, 



evalniQ,/) := (J {v{H) \ compl^(/) 1=^ Bj . 

H ‘. — BeQ 

Definition 2.9 (View Instance Support). 

— A schema T provides view instance support for a schema S if there exists a 
query Q such that 

{compl 5 (/s) I fs e sat(S')} C {compl 5 (evalT(Q, / t)) | fr G sat(T)} . 

— If we have equality, the view instance support is called faithful. 

— If additionally the supporting query Q is injective on the saturated elements 
o/sat(T), i. e., if evalriQ, f) = evalT(Q,/0> then complrp{f) = compl-p(/'), 
the view instance support is called unique. 
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2.5 Decomposition of Classes by Pivoting 

Having presented our advanced data model so far, we are finally ready to for- 
mally present the central topic of this paper, namely the schema transformation 
pivoting which can be used to decompose a class under path functional depen- 
dencies and onto constraints. 

Pivoting comprises three actions. First, it decomposes a class c of a schema S 
by transplanting some of its attributes, those of M, to a newly generated subclass 
p of another class Cp which is the unique result class of a further attribute of class 
c, the so-called pivot attribute rup. Figure 1 visualizes the structure of an object 
of class c before the decomposition, and Fig. 2 shows the effect of transplanting 
the pivoted attributes. Second, it adjusts the original semantic constraints of 
S according to the transplantation of the pivoted attributes. Third, it provides 
appropriate queries for treating the original schema as a view of the pivoted 
schema, and vice versa. These actions are formalized by the following definition. 
Subsequently, in the next subsection, we characterize those parameters of piv- 
oting which guarantee that the resulting pivoted schema T “uniquely supports” 
the input schema S. 



pivot 

attribute 

c[?Tlp Cp , 



pivoted other 

attributes attributes 

, 7TL Cm , . . . , ... ] 

M 



:c -Cp 




Fig. 1. Visualization of an object of class c with pivot attribute nip and pivoted at- 
tributes M together with the directly accessible objects. 
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pivot 

attribute 

cl^TTlp = 7 ^ Cp , 



pivoted 

attributes 




, other attributes] 



p :: Cp [. . . , cjrnpjrn ^ Cm, ■ ■ ■] 



with c{mp I p} 



:c -P 




Fig. 2. Visualization of the transformed objects where the attributes m £ M are trans- 
planted to the referenced object of the new subclass p of Cp. 



Definition 2.10 (Pivoting). Let S be a schema, p he a constant symbol not 
used elsewhere, c € CLg he a class, M C Ats(c) be a set of proper attributes 
for class c, and mp G (Ats(c) \M) be a proper attribute for class c, called pivot 
attribute, with the unique result class Cp, called pivot class. 

We assume that c{mp \ Cp} ^ otherwise we do not have to introduce the 

class p. Then the pivoted schema T := (CLt U ATt U HRt U SGt | SCt) is 
obtained as follows: 

— For introducing a new subclass, we add the constant symbol p to the set of 
classes. 



CLt := CLs U {p} , 

and we make the new class p a subclass of the pivot class Cp, 

HRt := HRs U {p :: Cp} . 

— For transplanting attributes, we introduce new attributes and remove the 
obsolescent ones. The constant symbols for denoting these new attributes are 
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chosen in a way that it is possible to keep track of the transformation process 
and avoid name clashes with already existing symbols, 

ATt := (ATs \ M) U {c-iTip-m \ m G M} , 

and we add appropriate signatures p[cjmpjm ^ Cm] for all attributes m G M 
and for their result classes Cm, 

{p[cjmpjm ^ Cm] I m G M and SGg ^ c[m Cm]} , 

and, accordingly, we remove the obsolescent signatures for class c of the form 
c[m ^ Cm] for all attributes to G M U {nip} and their result classes Cm, 

SGs \ {c[to Cm] I TO G M U {to-pI and Cm G GLs} . 

Finally we add the signature c[mp p] in order to enable navigation to the 
new subclass p, and further onto the pivoted attributes, from the class c, 

{c[TOp ^p]} . 

Thus the new signatures are summarised as 

SGt := {p[c_TOp_TO Cm] I TO G M and SGg |= c[m ^ Cm]} U 
SGs \ {c[m ^ Cm] I TO G M U {nip} and Cm G GLg} U 
{c[mp ^p]} ■ 

— For adjusting the semantic constraints, we replace the obsolescent attributes 
TO G M with the new navigational paths nip.cjmpjm wherever they occur in 
the set of path functional dependencies, 

PFDt := PFDs[to-p.c_TOp_to/to | to G M] . 

Correspondingly, for an onto constraint of the form c{m \ Cm} with an ob- 
solescent attribute m, we replace the class c with the new subclass p and 
the attribute m with the new attribute cjmpjm. We add the onto constraint 
c{mp \p} as a means to ensure the equivalence of both schemas. 

OCt ■= {p{c_TOp_TO I Cm} I TO G M and c{m \ Cm} G OGs} U 
{d{m I Cm} G OGs I w ^ M} U 
{c{mp I p}} . 

For treating the original schema S as a view on the pivoted schema T, we de- 
fine a query Qt^s that collapses the new navigational path mp.cjnipjm to the 
obsolescent attribute m, for to G M, and suppresses objects of the new subclass 
p, while leaving the rest of an instance unchanged, 

Qt^S •= {O '■ d < — O : d \ d G GLs} U 

{0[m — > i?] < — 0[to — > i?] I to G (ATs \ M)| U 
{0[m — > R] < — O : c[mp — > P] A P : p[c_TOp_TO - 



( 1 ) 

(2) 

P] I TO G M| .(3) 
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For treating the pivoted schema T as a view on the original schema S, we define a 
query Qs^t that retains the class population and the values for most attributes. 
The obsolescent attributes and their values are transplanted to the pivot class p 
and its objects, respectively. This class is populated with objects of class Cp that 
are referenced by an object of class c via the pivot attribute mp. 

Qs^t ■= {O : d < — O : d \ d G CL5} U (4) 

{0[m^R]< — 0[m^ R]\mG {AT s\M)}U (5) 

{P : p[cjmpjm R] < — O : c[mp ^ P;m ^ R] \ m G M} (6) 

Finally, we define the tuple piv{S,p,c,M.,rrip) := {T,Qt^s,Qs^t)- 

Example 2.3. To demonstrate pivoting, we perform it on class Phone-admin of 
the schema ADM with pivot attribute fac. In order to simplify, we first reduce 
the left-hand side of the key path functional dependency 

Phone-admin(.fac .sch .ph .dep ^ .Id) 

to .fac and get the key path functional dependency 

Phone-admin(.fac — > .Id) . 

The reduction is possible, because the attribute fac determines all other at- 
tributes functionally. 

The pivot class is the class Faculty. As pivoted attributes we choose the 
attributes sch and dep. To render the example more readable, we do not introduce 
the cryptic names of attributes. Instead we use the original names. As subclass 
for the pivot class Faculty we introduce the class Phoning-faculty. It is populated 
with the objects that are referenced by Phone-admin-objects via attribute fac. 
The outcome is then the schema ADMp with 



CLadMp 

AAadmp 

ARadmp 

SGadmp 



SCadmp 



{Phone-admin, Faculty, Phoning-faculty, School, Phone, Department} 
(fac, sch, ph, dep} 

{Phoning-faculty:: Faculty} 

{Phone-admin[fac ^ Phoning-faculty; ph Phone], 
Phoning-faculty[sch ^ School; dep Department] } 

AXU 

{Phone-admin(.fac — > .fac. sch), 

Phone-admin(.fac .ph), 

Phone-admin(.fac.sch ^ .fac. dep), 

Phone-admin(.ph ^ .fac. dep), 

Phone-admin(.fac ^ .Id), 

Phone-admin{fac j Phoning-faculty}} . 



The transformation pivoting removes in the class Phone-admin the declara- 
tions for the attributes sch and dep. These declarations occur again as decla- 
rations for the class Phoning-faculty. This change in the signature declarations 
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has to be reflected by the path functional dependencies. For example, whenever 
the path function .sch appears in a path functional dependency, we replace it 
by the path function .fac.sch. This replacement is done for the path functional 
dependency 



Phone-admin(.fac .sch) 
and leads to the path functional dependency 

Phone-admin(.fac — > .fac.sch) . 

We do not have to change any onto constraints in this example, because there 
is no onto constraint in the original schema. But we have to introduce the onto 
constraint 



Phone-admin{fac | Phoning-faculty} . 



2.6 Equivalence of Pivoted Schema 

At design time a schema administrator has to decide on whether pivoting a giv- 
en schema is useful or not. As argued before, a necessary condition is that the 
pivoted schema “supports” the original one. This condition has been formalized 
in terms of the instances of the schemas under consideration. These instances, 
however, are not explicitly available at design time. Rather the administrator 
can only deal with the purely syntactic items given in the schemas. In particular 
he can investigate the consequences of the semantic constraints. The following 
theorem precisely tells the schema administrator which property the semantic 
constraints must satisfy. This property is stated in terms of the implication- 
al closure of the semantic constraints involved, and thus it is algorithmically 
tractable. 

The theorem provides a fundamental response to the decomposition prob- 
lem for advanced data models. Moreover, it nicely generalizes and extends the 
corresponding result for the simple relational model. For the relational mod- 
el, it is well-known that the attributes transplanted apart into a new relation 
scheme should be functionally dependent on the attributes retained in the o- 
riginal scheme. More precisely, if the nonkey functional dependency A ^ M is 
used for the decomposition, then the attributes of the right-hand side V are 
transplanted apart, together with the attributes of the left-hand side X. The 
latter are also retained in the original scheme in order to allow a reconstruc- 
tion using X as join attributes. A “lossless” reconstruction is just guaranteed 
by the validity of the functional dependency, or, speaking otherwise, by the at- 
tributes transplanted apart being in the implicational closure of the connecting 
join attributes. The announced theorem exhibits a corresponding property for 
the object-oriented context, where the pivot attribute rrip plays the role of the 
join attributes X in the relational context. Moreover, now the decomposition 
is not only “lossless” but also “dependency preserving”, due to the expressive 
power of path functional dependencies. 
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Theorem 2.1 (Equivalence). Let S be a schema, and the vector {T,Qt^s, 
Qs^t) ■= piv(S', p, c, M, mp) be the outcome of pivoting the schema S. Then the 
following statements are equivalent. 

1. c{.mp M) G SCg® , i.e., all pivoted attributes are functionally dependent 
on the pivot attribute. 

2. The schema T provides unique view instance support for the schema S with 
supporting query Qt^s- 

3. The schema S provides unique view instance support for the schema T with 
supporting query Qs^t- 

2.7 Simplifying a Pivoted Schema 

Knowing when a pivoted schema T is equivalent to the original schema S, we 
can start to compare the quality of both schemas. 

First, pivoting removes (potential) redundancy, and thus ameliorates the ef- 
ficiency of constraint enforcement, since the attribute values of the pivoted at- 
tributes c_TOp_TO, m G M, for an object Op of the new subclass p can be shared. 
Here sharing occurs among all objects o of the class c which reference Op via 
the pivot attribute rrip. Clearly, sharing actually pays off only if Op is referenced 
by more than just one object of c. Surely, this cannot happen if the pivot at- 
tribute TOp is a key for the class c. Thus, pivoting should be applied only if 
c{.rrip — > M) G SCj® is a nonkey path functional dependency. This advice for 
our data model exactly corresponds to the normalization procedures in the rela- 
tional framework where a relation scheme is decomposed if it is not in “normal 
form” (saying that a nontrivial nonkey functional dependency is implied) . 

Second, pivoting adjusts path functional dependencies by formally replacing 
a simple obsolescent attribute m with the new navigational path mp.cjmpjm, and 
thus, at first glance, pivoting appears to deteriorate the efficiency of constraint 
enforcement. A second thought, however, reveals that deterioration will rarely 
happen, hopefully, since the formally adjusted path functional dependencies can 
be simplified as follows: 

— We completely remove path functional dependencies that stem from path 
functional dependencies of the form c{L — > R) where {.Wp} C L C {.TOp}UM 
and RcM (because these are naturally supported, see [5]). 

— We simplify path functional dependencies that stem from path functional 
dependencies of the form c{L R) where L U i? C M, by making them a 
constraint of the new subclass p and, accordingly, deleting all occurrences of 
the prefix .Wp. 

Let denote the resulting schema by sim(S',p, c, M, mp). The following theo- 
rem states that we can always use the simplified schema instead of the pivoted 
schema. Thus we can hope that amelioration prevails. 

Theorem 2.2 (Equivalence of Simplified Schemas). Let S be a schema, 
and the vector {T,Qt^s,Qs^t) '■= piv(S', p, c, M, mp) be the outcome of pivot- 
ing the schema S. Then the schema T provides unique view instance support for 
the schema sim(S', p, c, M, mp) with supporting query idg and vice versa. 
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Example 2. 4- Looking at the semantic constraints of the schema ADMp reveals 
that the path functional dependency 

Phone-admin(.fac — ^ .fac.sch) (7) 

is redundant because it can be derived from the trivial path functional depen- 
dency 

Phoning-faculty(.Id — > .sch) , 

which in turn can be derived from (7) and the onto constraint 
Phone-admin{fac | Phoning-faculty} 

by “simple prefix reduction”. In fact, each path functional dependency in the 
original schema of the form 

Phone-admin(.fac .m) 

with m a pivoted attribute is transformed into a path functional dependency 

Phone-admin(.fac .fac.m) , 

which is redundant in the pivoted schema. Furthermore, the path functional 
dependency 

Phone-admin(. fac.sch — ^ .fac.dep) 

can be simplified to 

Phoning-faculty(.sch ^ .dep) 

2.8 Pivoting with Functional Dependencies Only 

Although in general pivoting might increase the path length of path functional 
dependencies, by adding the pivot attribute rrip as a prefix, in most practical 
cases simplification is hoped to actually avoid such an increase. In particular, 
when the original schema S comprises only normal functional dependencies (i.e. 
all path functional dependencies have only path-functions of length 1), then 
simplification will come up with functional dependencies again in many cases. 
But not in all cases, as demonstrated by the example in the introductory sec- 
tion. A precise characterization of the good cases has already been provided by 
Theorem 6 of [6]. This characterization is fully expressed by properties of the 
implicational closure of the semantic constraints. 

2.9 Recursive Pivoting 

In [6] we have also studied the options to apply pivoting recursively in order 
to achieve natural enforcement of all functional constraints, i.e. to get rid of all 
functional dependencies by the simplification of pivoted schemas. The outline of 
results, as presented in [6], has been further refined in [11]. A full treatment of 
this topic is beyond the scope of this paper. 
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3 The Justification: Proofs for Formal Theorems 

For the sake of distinctness, the following proof sketches sometimes blur the 
subtle distinction between an extension / and its completion. 

In order to justify Theorem 2.1, i.e. the conditions for a pivoted schema T 
supporting the original schema S, we have to relate the following sets: 

{compl_g(/s) I fs € sat(S')} , for the original schema S, and (8) 

{compl_g(evalT(QT^S, /r)) | /t G sat(T)}, for the pivoted schema T. (9) 

We first note that the query Qt^s always yields an instance of the original 
schema, i.e. we have the following inclusion: 

Lemma 3.1. 

{compls(/s) I fs e Saifs')} D {complsfevalrfQT^s, /t)) | /t G sat(T)} (10) 

Proof. Let fr G sat(T) be an instance of the schema T, and recall the form of 
the query Qt^s- While the rules in (1) and (2) merely copy data (either objects 
or their attributes values), the rules in (3) perform somewhat more. Nevertheless 
it is easy to see that the image evalriQT^s, fr) is an extension of the schema 
S, and its completion complgfevalTfQr^Sj /t)) satisfies the built-in axioms 
AX. Moreover, it also satisfies all application-dependent constraints, i.e. all onto 
constraints and path functional dependencies of the original schema S, because a 
corresponding onto constraint or path functional dependency has been generated 
for the pivoted schema T and is satisfied by the completion comply (/t). 

Note that we need the expressive power of path functional dependencies in 
order to generate all constraints required for T. □ 

So the crucial property of support, and then even for faithful support, is 
the inverse of the inclusion stated in the preceding lemma. Basically, the crucial 
inclusion means that the query Qt^s restricted to sat(T) is surjective with 
respect to satfS”). This surjectivity in turn is well-known to be equivalent with 
the existence of a function Q on sat(S') such that Q followed by the restricted 
Qt^S is the identity. Clearly, the query Qs^t is the canonical candidate for 
the role of Q. Indeed we have the following equivalence. 

Lemma 3.2. 

{compls(/s) I fs G sat(S')} C {compls(evalT(QT^S, /t)) | /t G sat(T)} (11) 
if and only if 



c{.mp 



M) e SC+®. 



(12) 
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Proof. Consider the query Qs^t- Then we have for all instances fs € sat(S'): 
Qs^t applied to fs yields an instance of T 
iff for all data generated by (6) the unique-name axioms hold 
iff fs satisfies c{.mp M). 

From this equivalence we easily derive the equivalence stated in the lemma. 

□ 

Now, if both properties of the preceding lemma are valid, then the queries 
Qt^S and Qs^t are actually full inverses of each other, since we have added 
the onto constraint c{mp \ p} to T. More precisely: 

Lemma 3.3. Qt^s restricted to sat(T) is injective (on the saturated elements). 

Proof. Since rules in (1) and (2) merely copy data, they cannot violate injectivity. 
Thus, only rules in (3) could cause a violation if there existed an object Op in 
the new subclass p, Op : p, which is not referenced by any object Oc in the class 
c, Oc '. c, via the pivot attribute rup. However, this unhappy situation has been 
excluded by adding the onto constraint c{m,p \ p}. □ 

The lemmas and the reasoning so far indicate that the first and the second 
statement of Theorem 2.1 are equivalent. Furthermore, if they both hold then 
Qt^S and Qs^t can be proven to be fully inverses indeed. This shows that the 
second statement implies the third statement. The inverse implication can be 
verified by carefully elaborating the observation that Qt^s and Qs^t are the 
canonical candidates for being inverses to each other, i.e., basically, the former 
is a bijection iff the latter is the inverse bijection. 

Concerning Theorem 2.2 we only note that we can infer the simplified path 
functional dependencies of the schema sim(S',p, c, M, rup) from those of the piv- 
oted schema, and vice versa, using the inferential system studied in [7, 1 1] . For 
the former direction, we employ the inference rule of “simple prefix reduction” 
which requires the onto constraint c{mp \ p} added to the pivoted schema. For 
the latter direction, basically we have to combine the inference rules of “simple 
prefix augmentation” with further auxiliarily used rules. 

4 Summary and Conclusions 

We specified an advanced data model with object-oriented and logic-oriented 
features that substantially extend the relational approach. For this model we 
exhibited and studied the counterpart to the well-known decomposition of a 
relation scheme according to a nontrivial nonkey functional dependency. 

For decomposing a class of a database schema the transformation pivoting 
can be used. Pivoting separates apart some attributes of a class to a newly 
generated class. This new class is declared to be a subclass of the result class 
of the so-called pivot attribute. Moreover the pivot attribute provides the link 
between the original class and the new subclass. 

We identified the conditions for the result of pivoting being equivalent to its 
input. Basically, we need three features: 
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~ The expressive power of path functional dependencies allowing to capture 
connections between classes, in order to be able to transform all original 
constraints (see Lemma 3.1). 

— The validity of the path functional dependency between the pivot attribute 
and the transplanted attributes, in order to achieve support of the original 
schema (see Lemma 3.2). 

~ The validity of the onto constraint guaranteeing that values for the trans- 
planted attributes can be referenced from the remaining part of the original 
class, in order to make the support of the original schema unique and to 
simplify the pivoted schema (see Lemma 3.3 and Theorem 2.2). 

The decompositions studied in this paper have a special form: First, the 
link between the original class c and the new subclass p is provided by just 
one attribute, the pivot attribute nip. Second, the decomposition produces two 
components (with the option of further decompositions by recursion) . 

From the relational context we know that in some cases more decompositions 
are possible which are not covered by the special ones. 

First, the relational link consists of the join attributes, which are specified 
by the left-hand side of the nonkey functional dependency under consideration. 
Clearly this link can comprise several attributes. If we want to simulate such 
cases with pivoting, we first have to lift a value tuple for the join attributes 
into the status of an object, i.e. on the schema level to introduce an appropriate 
class. Then the new compound objects could be referenced by a single suitably 
adapted pivot attribute, which would serve as the link needed to simulate the 
join. 

Second, in general relational decompositions are characterized by join de- 
pendencies, and there exist binary join dependencies (multivalued dependencies) 
which are not implied by a functional dependency, and there exist join depen- 
dencies with more than two components which are not implied by a set of binary 
join dependencies. If we want to simulate such cases within our data model, we 
could suitably adopt and combine the following approaches: lift attribute val- 
ues into the status of an object, use the option of object-oriented systems to 
declare set- valued attributes (rather than only scalar attributes), employ the 
more general form of pivoting as originally introduced in [4], and simulate rela- 
tional decompositions directly as discussed in [4]. A complete analysis of these 
approaches, however, is beyond the scope of the present paper, and is suggested 
for interesting further research. 
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Abstract. Specification and efficient processing of similarity queries on 
multimedia databases have recently attracted several research efforts, 
even if most of them have considered specific aspects, such as indexing, 
of this new exciting scenario. In this paper we try to remedy this by 
presenting an integrated algebraic framework which allows many relevant 
aspects of similarity query processing to be dealt with. As a starting 
point, we assume the more general case where “imprecision” is already 
present at the data level, typically because of the ambiguous nature of 
multimedia objects’ content. We then define a generic similarity algebra, 
S AME'^ , where semantics of operators is deliberately left unspecified in 
order to better adapt to specific scenarios. A basic feature of SAME'^is 
that it allows user preferences, expressed in the form of weights, to be 
specified so as to alter the default behavior of most operators. Finally, we 
discuss some issues related to “approximation” and to “user evaluation” 
of query results. 



1 Introduction 

The fact that “traditional” (Boolean) queries are not really appropriate for deal- 
ing with multimedia (MM) data has been early recognized, and many systems 
now exist that allow users to issue queries where some form of “imprecision” is 
allowed. For instance, in the QBIC system [10] one can look for images which 
are “similar” to a target one, according to color, texture, and shape of embedded 
objects. Since MM queries can lead to (very) high response times, many efforts 
have been spent in order to devise access methods able to efficiently deal with 
complex features [6]. This line of research has been somewhat complemented 
by activity aiming to provide users with a full-fledged query language able to 
express complex similarity queries [17]. Although the processing of such complex 
queries has been the subject of some recent works [1,7,8,15], a full understanding 
of the implications (both at a formal and at a system level) of similarity query 
processing is still lacking. In particular, several important issues have only par- 
tially been addressed, such as models able to capture the “essential” aspects of 
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MM objects needed by similarity queries, the impact of “user preferences” on 
query processing, the management of “approximate” queries (and the relation- 
ship of this concept to those of query equivalence and query containment), the 
complexity and expressiveness of similarity-based query languages, and so on. 
Furthermore, contributions to above issues typically consider ad-hoc scenarios 
and/or completely ignore the other coordinates of the problem, thus resulting in 
a set of difficult-to-integrate recipes. 

In this work we address several of the above points in a unified algebraic 
framework. We have deliberately chosen to “start simple” from the modeling 
point of view, in order to better focus on those aspects which are peculiar to 
similarity query processing. Thus, we consider a (extended) relational framework 
which takes into account the two major sources of “imprecision” arising when 
querying MM databases [21]: 1) imprecision of classification of MM data, and 
2) imprecision in the matching of features that characterize the content of MM 
objects. As to the first point we rely on basic concepts from fuzzy set theory, 
and allow representation of “vague classification” both at tuple and at attribute 
level (Sect. 2). This reflects the fact that in some cases imprecision characterizes 
an object as a whole, whereas in others it only affects some of its attributes. We 
then introduce a “similarity algebra”, called SAME'^,^ which extends relational 
algebra in a conservative way and incorporates the use of “weights” in most of its 
operators, in order to adapt to user preferences (Sect. 4). We show how complex 
similarity queries can be easily expressed in SAME'^(Sect. 5) and how equiva- 
lence rules can be exploited for the purpose of query rewriting and optimization 
(Sect. 6). In Sect. 7 we present some extensions to our framework that consider 
such relevant issues as “approximation of results” and user feedback. Finally, we 
briefly discuss related work and conclude. 

2 The Data Model 

For the sake of clarity, we first remind some standard notation and definitions. 
Given a set of attribute names. A, and a function dom{) which associates to 
each A € A a value domain, dom{A), a (named) relation schema is formed by 
a relation name, R, and a subset of attributes X = {Ai,...,A„} C Af A 
tuple t over R{X) is any element of dom{X) = dom{Ai) x ... x dom{An), and 
t.Ai = t[Ai] denotes the value of Ai in t. For any Y C X, t\Y] denotes the 
restriction of t on Y , that is, the (sub-)tuple obtained from t by considering only 
the values of the attributes in Y. 

Our data model extends the relational one by allowing both fuzzy attributes 
and fuzzy relations. Remind that a fuzzy set F over a “universe” U is a set 
characterized by a membership function pLp ■ U ^ S, where plf{x) is the degree 
of membership of x in F, also called “score” or “grade” . In the following we will 
always consider a normalized score domain S = [0, 1]. 

^ SAME'^stands for “Similarity Algebra for Multimedia Extended with Weights”. 

^ We will adopt the conventional list notation for sets, thus writing A for {A} and 
XY for XUY. 
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Imprecision at the attribute level is captured by the notion of “fuzzy domain” . 
We say that Ai is a fuzzy attribute if its values are pairs of the form Fj : sj, where 
Fj is a fuzzy set and Sj G S. The two components of Ai can be referred to as 
A" (the “value”) and A^ (the “score”), respectively. Intuitively, given a tuple t, 
t.Ai is interpreted as “t.Ai is an appropriate value, with score t.Af, of attribute 
Ai for t ”, or, equivalently, that “t fits A'" with score In practice, t.A" will 
be a real-world, application-specific concept, used to classify t according to Ai. 
For instance, an image can be classified, considering its Brightness, as dark 
with score 0.8.^ For lack of space, in this paper we do not explicitly consider the 
case where t.Ai is set-valued, which is appropriate when multiple non-exclusive 
classifications are possible (for instance, an image could be classified, according 
to its Color, as red with score 0.8 and as orange with score 0.7). However, 
as shown in [4], this is not restrictive, since set- valued attributes can be easily 
“normalized” into single- valued attributes. 

Non-fuzzy (crisp) domains include “ordinary” sets of values, like integer and 
string, as well as more complex domains, like, say, colorJiistogrcun, which are 
required to represent feature values extracted from MM objects. We conveniently 
call feature attribute an attribute defined over such domains, in order to empha- 
size that for such attributes similarity predicates (rather than exact-matching) 
are the usual way to compare feature values (see Sect. 3.1). 

Imprecision can also occur at the whole tuple level, and motivates the in- 
troduction of fuzzy relations. A fuzzy relation r over R{X) is a fuzzy subset of 
dom(X), r C dom(X), characterized by a membership function ptn (or simply pt 
if R is clear from the context)"^ which assigns to each tuple t a grade p,R{t) G S. 
The notation t.p,R will be used with the same meaning of pLn{f). We say that t 
belongs to r (t G r) iff t.fiR > 0, and r is called a crisp instance iff t.fiR = 1 for 
each t G r. The intuition about fuzzy relations is that, if a schema R{X) rep- 
resents some real-world “fuzzy” concept, the introduction of tuple imprecision 
permits to model how much a given object (tuple) “fits” the concept expressed 
by R{X). 

3 The SAME^Algebra: Preliminaries 

SAME'^extends relational algebra (RA) with a set of peculiarities that make 
it amenable to easily formulate complex similarity queries. SAME '^expressions 
operate on fuzzy relations and always return a fuzzy relation, and can use or- 
dinary (Boolean), similarity, and fuzzy predicates. Semantics of expressions is 
parametric in the semantics of logical operators, which can therefore be varied 
in order to better adapt to user and application requirements. “Weights” can 
also be used to bias the behavior of most operators. 

® Clearly, the fuzzy sets which can occur as values of A^ must be defined over the 
same universe. 

^ There is a slight notational inconsistency here, since the membership function should 
be denoted by pr. In practice, however, the best thing is to use, when needed, the 
relation name, since instances are usually unnamed. 
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3.1 Predicates and Formulas 

A logical formula / is obtained by combining predicates with logical connectives, 
respecting the syntax / ::= p\f A f\f V /H/|(/), where p is a predicate. The 
evaluation of / on a tuple t is a score s(/, t) € S which says how much t satisfies 
/. We simply say that t satisfies f iff s{f,t) > 0. How s{f,t) depends on (the 
evaluation on t of) the predicates in / is intentionally left unspecified, in order 
to achieve parametricity with respect to the semantics of logical operators. The 
basic constraint we impose is that s{f,t) has to be computed by means of a 
so-called “scoring function” [8], s/, whose arguments are the scores, s{pi,t), of t 
with respect to the predicates in /, that is: 

s{f{Pl,---,Pn),t) = Sf{s{pi,t),...,s{pn,t)) . (1) 

Besides Boolean predicates, which evaluate to either 1 (true) or 0 (false), we 
also consider similarity and fuzzy predicates. A similarity predicate has either 
the form A ~ u, where A is a feature attribute, v S dom{A) is a constant {query 
value), and ~ is a similarity operator, or Ai ~ A 2 , where both Ai and A 2 are 
over the same domain.® Then, the evaluation of p : A ~ u on t returns a score, 
s(p, t) G S, which says how much t.A is similar to the query value v. For instance, 
evaluating the predicate Color ~ red over an image t returns a score assessing 
the “redness” of t.® 

Fuzzy predicates, on the other hand, operate on fuzzy attributes. Remind 
that if A is a fuzzy attribute, then t.A is a pair t.A*' : t.A'', where t.A" is 
(the name of) a fuzzy set and t.A'* is the membership degree of t in t.A" . The 
evaluation on t of a fuzzy predicate q : A = w, where w is a fuzzy set, is the score 
s{q,t) = t.A^, if t.A" = w, otherwise s{q,t) = 0. This is to say that we assume 
that different fuzzy sets are incomparable. The same applies to the predicate 
<7 : Ai = A 2 . In this case s{q,f) = 0 if t.A\ yf t.A^, otherwise the score is 
computed as a “parametric conjunction” of the two membership degrees, that 
is, s{q,t) = Sa(I.A^, UA 2 ), where Sa denotes the And scoring function. 

For the sake of definiteness, in the following we restrict our focus on the class 
T of scoring functions corresponding to fuzzy t-norms and t-conorms [13,8], for 
which the And (A) and Or (V) operators satisfy the following properties: 

1. They are both associative and commutative; 

2. Sa( 3;, 1) = a; and Sv(a;, 0) = a: {boundary condition); 

3. a;i < 3:2 S/,.{x,xi) < S/,.{x,X2) and Sy(a;,a;i) < Sy(a;,a:2) {monotonicity). 

As to the Not (^) operator, it is assumed to satisfy the two properties: 

1. s^(l) = 0 and s^(0) = 1 {boundary condition); 

2. a;i < 3:2 s^(3;i) > s-,(3;2) {monotonicity). 

® This is a simplification. It suffices that the domains are compatible for to be 
well-defined. 

® Note that red is just a name for a value of dom(Color), and not a string constant. 
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For instance, TS (fuzzy standard) and TA (fuzzy algebraic) [13] semantics are 
given by the following set of rules: 





TS 


TA 


s(/l A f 2 ,t) 
s(/l V f 2 ,t) 

shfA) 


min(s(/i,t),s(/ 2 ,t)) 
max(s(/i,t),s(/ 2 ,t)) 
1 - s{f,t) 


■ S{f2,t) 

s{flA) + S{f2,t) - S{fl,t) ■ S{f2,t) 

1 - s{f,t) 



Considering the general case of n-ary t-norms and t-conorms, the following in- 
equalities hold Vxi, . . . , Xn G 5 [13]: 

Sa( 2 :i, . . . ,x„) < min(a;i, . . . ,x„) < a;* Vz G [l..n] (2) 

Sv(a;i, . . . , x„) > max(xi, . . . , x„) > Vz G [l..n] . (3) 

3.2 Dealing with User Preferences: Weights 

With a non-Boolean semantics, it is quite natural and useful to give the user the 
possibility to assign a different relevance to the conditions he states to retrieve 
tuples. Such “user preferences” can be expressed by means of weights, thus say- 
ing, for instance, that the score of a predicate on Color is twice as important as 
the score of a predicate on the Texture of an image. The seminal work by Fagin 
and Wimmers [9] shows how any scoring function s/ for a formula /(pi, . . . ,Pn) 
can be properly extended into a weighted version, s/^, where 0 = [6*i, . . . , On] is 
a vector of weights (also called a “weighting”), in such a way that: 

1 . s/q reduces to s/ when all the weights are equal; 

2. s/q does not depend on s{pi,t) when 9i = 0; 

3. SfQ is a continuous function of the weights, for each fixed set of argument 
scores. 

Let Xi = s{pi,t) denote the score of t with respect to pi, and assume without 
loss of generality 0i > 62 > ■ ■ ■ > 0„, with 0^ G [0, 1] and 9i = 1. Then, Fagin 
and Wimmers’ formula is: 

Sfeixi, ...,Xn) = {9i-92)-Xi+2-{92-93)-Sf{xi,X2)-\ \-n-9n-Sf{xi, ...,x„) . 

( 4 ) 

Although above formula is usually used to weigh the predicates appearing in a 
(selection) formula, our position is that whenever scores have to he “combined” , 
then a weighting should be allowed. For instance, if we take the union of two 
relations, it might be reasonable to require that tuples in the first relation are 
“more important” than tuples in the second one. A meaningful example is when 
we want to integrate results from different search engines, but we trust more one 
than the other. Accordingly, most of the SAME'^operators^ that compute new 
tuples’ scores can use weights. 

^ We only leave out Difference, because we were not able to conceive any meaning- 
ful “weighted Difference” query. As to Projection, since the duplicate tuples to be 
combined together are not a priori known, it is not possible to assign weights to 
them. 
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4 The SAME^ Algebra 

Basic operators of SAME '^conservatively extend those of RA in such a way that, 
if no “imprecision” is involved in the evaluation of an expression, the semantics 
of RA applies (see Theorem 4.1). Genericity with respect to different semantics is 
achieved by defining SAME ''^operators in terms of the (generic) scoring functions 
of the logical operators. Thus, if a given semantics is adopted for formulas, the 
same is used by SAME^'^operators, which avoids counter-intuitive phenomena 
and preserves many RA equivalence rules. As an example, the semantics of Union 
(U) is based on that of the Or (V) operator. 

In the following, E{X) denotes an expression with schema A, and e = E[dh] 
is the fuzzy set of tuples with schema X obtained by evaluating E{X) over the 
current database db. We say that a tuple t belongs to e (t S e) iff t.fXE > ^ holds. 
Two tuples ti and t2 with attributes X are equal iff ti[Ai] = holds for 

each Ai e X. In case of fuzzy attributes, tuple equality thus requires that also 
the attributes’ grades are the same. Two relations ci and 62 are equal iff: 1) they 
consist of the same set of tuples, and 2) Vti G ei,Vt2 G 62 : U = t2 ti-M = ^2-M- 

We start by extending “traditional” operators of RA, and then introduce 
new operators which have no direct counterpart in RA. 

Selection ( ) The Selection operator applies a formula / to the tuples in e 
and filters out those which do not satisfy /. The novel point here is that, as an 
effect of / and of weights, the grade of a tuple t can change. Weights can be 
used for two complementary needs: In the first case, they weigh the importance 
of predicates in /, as in [9], thus leading to use the scoring function in 
place of s/.® In the second case they are used to perform a weighted conjunction, 
s®, between the score computed by / and the “input” tuple score, t.pLE- This 
determines the new tuple score, t.pL\ 

G e A f./r= s®(s(/e^,t),t.^E) > 0} . (5) 

Projection ( ) As in RA, the Projection operator removes a set of attributes 
and then eliminates duplicate tuples. Projection can also be used to discard 
scores, both of fuzzy attributes and of the whole tuple. In this case, however, in 
order to guarantee consistency of subsequent operations, such scores are simply 
set to 1, so that they can still be referenced in the resulting schema. This captures 
the intuition that if we discard, say, the tuples’ scores, then the result is a crisp 
relation, that is, a fuzzy relation whose tuples all have score 1. 

Formally, let e be a relation with schema E{X), Y C X, and V a set of 
v-annotated fuzzy attributes, V = {A'tj, where V contains exactly those fuzzy 
attributes for which scores are to be discarded. Note that V can include A" only 
A Ai G X — Y. Finally, let F stand for either /i or the empty set. Then, the 
projection of e over YVF is a relation with schema YW, where if A" G U then 



When using weights, / is restricted to be either a conjunction or a disjunction of 
predicates. 
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Ai € W, defined as follows: 

7ryvF(e) = {t[YW]\3t' G e : t[YV] = A G V : t.A^ = 1 (6) 

A = sy{t" .^E\t''[YV] = f[yy]} if F = ^, otherwise = 1} . 

Thus, tuples’ scores are discarded (i.e. set to 1) when F = 0, whereas they are 
preserved when F = /r. In the latter case, new scores are computed by considering 
the “parametric disjunction”, sy, of the scores of all duplicate tuples with the 
same values for YV . 

Union (U) In SAME'^the Union is an n-ary operator,® which, given n relations 
Ci with schemas Ei{X), computes the score of a tuple t as a weighted disjunction, 
Sy{t.fj,Ei, ■ • • with 0 = [Ox, . . . ,9n], of the input tuples’ scores, that is: 

U® (ei, . . . ,e„) = {t I (t G ei V . . . V t G e„) A t.^i = Sy{t.fXEi,- ■ ■ ,t.gLE„) > 0} . 

( 7 ) 

Note that, because of the presence of weights. Union is not associative anymore. 
This implies that the n-ary Union cannot be defined in terms of n — 1 binary 
unions, as it happens in RA. 

Join ( ) Also the weighted (natural) Join is an n-ary operator, where the score 

of a result tuple t is a weighted conjunction, sf (ti.fiEi, ■ ■ ■ , tnF£:„), of the scores 
of matching tuples: 

cxi® (ex, ... , Cn) = {t[Ali . . . Xn] I 3tx G ex, ... , G e„ : (8) 

t[Xx] = tx[Xx] A ... A t[Xn] = tn[Xn] A t.^1 = S^(tx . , ■ ■ .,tn.fiE„) > 0} . 

Difference ( — ) Given relations ex and 62 with schemas Fi(A) and E 2 (X), 
respectively, their Difference is defined as: 

ex - 62 = {t\t € ex A t.fx = SA(t.tiEi,s^(t.fj.E2)) > 0} . (9) 

Renaming ( ) The Renaming operator is as in RA, thus we do not repeat its 
definition here. 

The following result proves that the “RA-fragment” of SAME'^, that is, 
SAME'^restricted to the above operators, is indeed a conservative extension of 
relational algebra. 

Theorem 4.1. Let E he a SAME^ expression that does not use weights and 
that includes only operators in {cr, tt, U, cxi, — , p}. If E does not use similarity 
operators, the database instance db is crisp and the semantics of the scoring 
functions is in T, then E[db] = EEA[db], the latter being evaluated with the 
Boolean semantics of RA. 

Proof, (sketch) It is sufficient to show that every operator in {ct, tt, U, cxi, — , p}, 
when applied to crisp relations, yields a crisp relation. Here we only consider 

® We also use the infix notation, Ex when only two operands are present. 
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the case of Selection, arguments for the other operators being similar. A Selec- 
tion Uf{E), where / does not contain similarity predicates and E[db] is a crisp 
relation, computes the score of a tuple t G E[db] as Sa(s(/, t), Since Sa is 

a t-norm, t.^E is equal to 1, and s{f,t) is either 0 or 1, the Selection outputs a 
tuple score that equals either 0 or 1 , thus yielding a crisp relation. □ 

Two other operators of SAME'^, that can be derived from those already 
introduced, are: 

B 

Boolean difference (— ) The Boolean difference behaves “as expected”, in 
that if a tuple t belongs to both Ci and 62, with schemas Ei{X) and E2{X), 
respectively, then it is not part of the result, regardless of its scores (in general, 
this is not the case for the Difference), that is: 

B 

Cl — 62 = {t I t e Cl A t ^ 62 A = t.^Ei > 0} . (10) 

B 

Boolean difference can be defined in terms of other operators as ei — 62 = 
6 i — 7 rjf(e 2 ), where '!Tx{e 2 ), according to the semantics of Projection, simply 
discards the scores of the tuples in 62 . 

Intersection (n) As in RA, the Intersection can be defined as a particular case 
of Join, where all the n operands have the same schema X: 

n® (ei, . . . ,e„) = {t I (f e 6 i A . . . A t G e„) A = sf{t.fiEi,- ■ ■ ,b/X£;„) > 0} 
= cx® (ei,...,e„) . ( 11 ) 

The two new operators introduced in SAME'^are the Top and the Cut. 

Top ( ) The Top operator retrieves the first k (k is an input parameter) tu- 
ples of a relation e, according to a ranking criterion, as expressed by a ranking 
function g. If weights are used to rank tuples according to ge^, then g has to be 
a formula of predicates over the schema of If e has no more than k tuples, 
then Tg^ (e) = e, otherwise: 

{e) = {t\tGe A (e)| = fc A Vt G (e) : 

^t' ■. t' e e A t' i (e) A ge^{t') > ge^{t)} (12) 

with ties arbitrarily broken. When g is omitted, the default ranking criterion, 
based on the score of tuples, applies, thus the k tuples with the highest scores 
are returned. 

Cut ( 7 ) The Cut operator “cuts ofP those tuples which do not satisfy a formula 
g, that is: 

7 g(e) = {t\t € e A s{g, t) > 0 A t.p, = t.pLE > 0} . (13) 

Unlike Selection, Cut does not change tuples’ seores. Thus, if g includes non- 
Boolean predicates, the two operators would behave differently. However, the 



10 



If “bottom” tuples are needed, the ranking directive < can be used, written g 0 g,<- 
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major reason to introduce Cut is the need of expressing (threshold) conditions 
on tuples’ scores, e.g. /i > 0.6. Such a predicate cannot be part of a Selection, 
since it does not commute with others. This is also to say that the expressions 
f{E)) and ct/( 7 ^>o. 6 (£')) are not equivalent. Indeed, the first expression 
is contained in the second one, that is: 

C cr/( 7 ^>„(£;)) . (14) 

Proof. (C) Let El and En stand for the left and right hand side expression, 
respectively. Since the Cut does not modify tuples’ scores, if a tuple t satisfies 
both El and Er, then its score will be the same, i.e. t.fiEL = Iper- If t G EL[db], 
then t.p,EL = SL.{s{f,t),t.p,E) > ce holds. From the monotonicity and boundary 
condition of t-norms it follows that t.fiE > ot holds too, thus t G 7 ^>o,(if)[d 6 ]. 
This is enough to prove that t G EE[db\. 

(3) Consider a tuple t for which both t.p.E > a and 0 < Sa(s(/, t), t./is) < a 
hold. This implies that t G E^fdb] but t ^ EL[db]. □ 

5 Examples 

Examples in this section, aiming to show the potentialities and flexibility of 
SAME'^, refer to a biometric DB using faces and fingerprints to recognize the 
identity of a person. Stored data include extracted features relevant for identifi- 
cation,^^ and modeled by the FaceFV and FP_FV attributes, respectively. Because 
of the huge size of biometric databases, a viable way to improve performance 
is, at face and fingerprint acquisition time, to classify them with respect to 
some predefined classes. As to fingerprints, as demonstrated in [14], a “contin- 
uous” classification approach, where a fingerprint is assigned with some degree 
to many (even all) classes, can perform better than an approach based on “ex- 
clusive” classification. As to faces, we consider that the Chin and the Hair are 
also preventively classified. 

Our simplified biometric DB consists of the following relations, where the 
denotes fuzzy attributes and relations that can have fuzzy instances, and primary 
keys are underlined. The Freq attribute is the relative frequency of a fingerprint 
class. This can be computed by considering the scalar cardinality (also called 
the sigma count [13]) of the fuzzy set corresponding to the fingerprint class. A 
partial instance is shown in Fig. 1. 

Per sons (PldjNcune) 

Facesf PId , FaceFV , Chin* , Hair*) 

FingerPrints(FPId,PId,FingerNo ,FP_FV) 

FPClasses ( Class , Freq) 

FPType* ( FPId, Class) 

For fingerprints these can be “directional vectors”, positions of “minutiae”, etc. For 
faces, position of eyes, nose, etc., can be considered. 

Class names are among those adopted by NIST (U.S. National Institute of Standards 
and Technology). 
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Persons FPClasses Faces 



PId 


Name 


POOOOl 

P00002 

P00003 


John 

Mary 

Bill 



PId 


FaceFV 


Chin 


Hair 


POOOOl 

P00002 

P00003 


FFVOOOl 

FFV0002 

FFV0003 


pointed:0.74 

rounded:0.65 

pointed:0.93 


black:0.87 
brown:0.75 
brown: 0.84 



Class 


Freq 


Arch 

LeftLoop 

RightLoop 


3.7% 

33.8% 

31.7% 



Fingerprints FPType 



FPId 


PId 


FingerNo 


FP.FV 




FPId 


Class 




FPOOOl 


POOOOl 


1 


FPFVOOOl 




FPOOOl 


Arch 


0.65 


FP0002 


POOOOl 


2 


FPFV0002 




FPOOOl 


RightLoop 


0.25 


FPOOll 


P00002 


1 


FPFVOOll 




FP0003 


LeftLoop 


0.95 


FP0015 


P00002 


5 


FPFV0015 




FP0005 


Arch 


0.60 


FP0017 


P00002 


7 


FPFV0017 




FP0005 


LeftLoop 


0.20 



Fig. 1. An instance of the biometric database 



The first query aims to retrieve those persons who have black hair, and whose 
facial features match the ones (inFace) given in input: 

^ (H air— ^ black' )A{FaceFV‘^ inFace) (^®ces) . 

The final score of a tuple t is obtained by combining the scores of both Selection 
predicates and the initial score of the tuple (this is 1, since Faces is a crisp 
relation). For instance, if the IFA semantics is used, it is = {s{pi,t)-s{p 2 ,t))-l. 
Assuming the following similarity table: 



~ inFace 



FaceFV 


score 


FFVOOOl 


p 

o 


FFV0002 


0.84 


FFV0003 


0.33 



the result of the query is therefore (0.87 • 0.60 = 0.522): 



PId 


FaceFV Chin 


Hair /i 


POOOOl 


FFVOOOl 


pointed:0.74 


black:0.87 0.522 



Trusting more hair classification than feature matching is achieved by giving 
the first predicate a weight > 0.5, say 0.7: 

'^{Hair=‘black')° '^/\{FaceFV~illFace)»-3 (FaCes) . 

The score of the resulting tuple is now computed as (the score of the crisp relation 
is omitted since it equals 1 and does not influence the computation): 



(0.7-0.3)-s(pi,t)+2-0.3-SA(s(pi,t),s(p2,t)) = 0.4-0.87+0.6-(0.87-0.60) = 0.6612 . 



On the other hand, if the FS semantics is used, the final score would be: 



0.4 • 0.87 + 0.6 • min(0.87, 0.60) = 0.708 . 
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If we want only the persons’ id’s and the scores of the 10 best matching 
tuples, we can use the Top and Projection operators: 

T^PId,fi{T (f^(//air=‘6iacfc')0'’’A(Face_Fy~inFace)0'3 (-P’oces))) . 

In order to see, for the only persons returned by above expression, call it 
E, how well the fingerprint of the left thumb (FingerNo = 1) matches a given 
fingerprint (inFP), we can write: 

^{FingerNo=i)/\{FP.FV^±nFF}{F^ngerPrints) ix npid{E) 

or, equivalently: 

^{FtngerNo=i)A{FP.FV~±nFP)iFingerPrints) E 

since both expressions discard the scores computed by E. Indeed, the Projection 
of E on PId returns a crisp relation, thus the final scores of the resulting tuples 
are, because of the boundary condition of t-norms, those of the component tuples 
returned by the Selection expression, call it E' . On the other hand, the weighted 
Join in the second expression returns a set of tuples whose scores are given by 
the following rule, where E' still denotes the left operand of the Join: 



,tPE) = {I — 0)4. fiE'+2-0-S/\{t. fiE' ,tPE) = t.fiE' ■ 



For a more complex query, assume we want to perform a combined match on 
fingerprints and faces, giving as input an inFP and an inFace. We then join the 
result, weighting more (0.6) the match on faces, combine the tuples of a same 
person (since each person has more than one fingerprint in the DB), and discard 
all the tuples whose overall score is less than 0.5: 

7M>o.5(7rp/d.M(c^FaceFV~inFace(-P’aces)cx|l°®’°-^lCTpp_py_inFp(-P’*«fferPrmts))). 

Given the following similarity table: 



~ inFP 



FPJ'V 


score 


FPFVOOOl 


0.72 


FPFV0002 


0.48 


FPFVOOll 


0.84 


FPFV0015 


0.38 


FPFV0017 


0.55 



consider the case of person POOOOl (‘John’), thus the join of the first tuple of 
Faces with the first two tuples of FingerPrints. The scores computed by the 
weighted Join (when the ES semantics is used) are, respectively: 

(0.6 - 0.4) • 0.60 + 2 • 0.4 • min(0.60, 0.72) = 0.2 • 0.60 + 0.8 • 0.60 = 0.60 
(0.6 - 0.4) • 0.60 + 2 • 0.4 • min(0.60, 0.48) = 0.2 • 0.60 + 0.8 • 0.48 = 0.504 . 
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Then, the Projection combines the two tuples and returns (P00001,0.60), since 
max(0.60, 0.504) = 0.60. Since 0.60 > 0.5, the tuple is preserved by the Cut 
operator. 

As a final example query, we want to know who are those persons with an 
‘Arch’ fingerprint and with a pointed chin, giving these conditions weights 0.6 
and 0.4, respectively. This can be expressed by means of a weighted Join, where 
a 0 weight is used for the Fingerprints relation on which no predicates are 
specified: 

(aci ass=‘ Arch' {FPT ype ) , a chm=^ pointed' (Faces ) , Finger Prints) . 

6 Reasoning in SAME^ 

Equivalence and containment rules in SAME'^can only partially rely on results 
from RA since, unless we consider the FS semantics, rules based on idempotence 
and/or distributivity of logical operators are no longer valid (e.g., E U E ^ E 
in FA). Nonetheless, many opportunities for query rewriting are still left. For 
lack of space, here we present only a selected sample of such rules, focusing on 
Cut and Top operators and on the effect of weights. Complete proofs are given 
only for some of the results. In order to simplify the notation, when no direct 
manipulation of weights is involved, we understand the presence of weights, thus 
writing, say, / in place of fe^. In general, El and En will be used to denote 
the left hand side and the right hand side expression, respectively. As to proofs’ 
style, in order to demonstrate that El = Er (El E Er) holds, we usually split 
the proof in two parts: 

1. We first show that, if t S EL[db] and t G ER[db] both hold for a generic tuple 
t, then t.pEL = ipEn- 

2. Then we prove that El is “Boolean equivalent” to (“Boolean contained” in, 
respectively) Er, written El =b Er (El Eb Er, resp.), that is that the sets 
of tuples computed by the two expressions are the same (the first is a subset 
of the second, resp.), regardless of tuples’ scores. 

We start with some basic rules that are also useful for proving more complex 
results. The following containment relationships hold for any expression E: 

lf(E) E E 
t^(E) e e 

whereas Uf(E) E E, since cr modifies the tuples’ grades. 

As to monotonicity of unary operators, assume that E' Q E holds. Then: 

7/(E') E7/(i?) (17) 

af(E') E af(E) . (18) 

On the other hand, the Top operator is not monotone, that is, E' F E does not 
imply Tg(E') E Eg(E), as it can be easily proved. 



(15) 

(16) 
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The weighted Join is monotone. For this, assume that E[ C Ei holds Vt € 
Then: 

(Si,. . (19) 

Indeed, if a tuple t belongs to E^ldb], then it also belongs to E{i[db]. Since the 
joining sub-tuples leading to t are necessarily the same in both cases, then also 
the score of t will be the same. 

Moving Cut’s Around. Consider the “canonical” Cut condition, ab- 

breviated 7 q, applied to a weighted Join. Our first equivalence rule shows that a 
Cut 7 q^ can be applied to the z-th Join operand, where ai depends on the values 
of weights. Assuming 6*i > 6*2 > . . . > On, we have: 






a, = z G [l..n] . (21) 

1 ~ J ■ {Oj — Oj+i) 
i=i 

For instance, when rz = 3, [6*i, 02,6*3] = [0.5, 0.3, 0.2], and a = 0.6, it is oi = 0.6, 
«2 = 0.5, and 03 = 1/3. Note that oi = a and that ai = a when all the weights 
are equal, i.e. 7a(cxi {Ei,E 2 , ■ ■ .,£*„)) = 7aH {la{Ei),ja{E 2 ), ■ ■ . ,7a(Fl„))). 

Proof. First observe that, since 7 does not change the tuples’ grades, t.fiEL = 
t.fiER holds for all tuples t which belong to both EE[db] and EE[db], 

(C) Let ti G Ei[db], and let Xi = ti.fiEi- A tuple t = (ti,t 2 , ■ ■ ■ ,tn) 

belongs to F1 l[c? 6] iff t.^EL > where I-plel is computed according to (4), 
with the t-norm Sa which takes the place of s/. In order to show that the 
ai cut-off value computed by (21) is safe, first observe that, due to (2), Xi > 
Sa(s:i, . . . ,Xj) holds Vj G [z..rz], whereas, when j < z, we can exploit the inequal- 
ity 1 > Sa(3:i, . ■ . ,Xj). Then, we can majorize t.pEL follows: 

(01 — 02)'1-|-- • --|-(z — l)-(0i_i — 0i)T-|-z-(0i — 0i+i)-a;i-|-- • ■+n-9n-Xi > t.pEL P ^ ■ 

Considering that X]r=i ~ ^tbove inequality can be rewritten as: 






0 ■ {^3 - ^*i+i) + n-9, 

j=i 



2-1 

- ^ 3 + 1 ) 

i=l def 

1 ~ ' i^j ~ ^i+i) 

i=i 



It follows that if t G EL[db], then the corresponding ti has a score ti-psi > cti, 
thus passing the 7 q,^ filter. 

(□) Trivial, since jai(Ei) C Ei, Vz G [l..rz]. □ 
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A similar rule applies when the Cut has the form and follows a weigthed 
Union: 

( 22 ) 

where Oj = o;/(l — ' (^i ~ ^i+i))> Oi = a if weights are not used. 

Proof, (sketch) The proof almost follows the same steps used to demonstrate 
(20). The only difference is that, if a tuple t belongs to both Erldb] and En[db], 
then, in order to have that t./iEL = tpER, we have to prove that no occurrence 
of t in the Ei[db]'s is filtered out by the inner Cut’s appering in Er. □ 

A simple yet useful rule to manipulate Cut expressions is: 

E 7ai(CT/Ag(£^)) (23) 

7ai(CT/(7a2(c^s(£^)))) = 7ai(CT/Ag(i^)) if «1 > 02 • (24) 

Proof, (sketch) The validity of (23) directly follows from monotonicity of Cut and 
Selection ((17) and (18), respectively), after observing that Er can be rewritten 
as 7 o,j (cr/((jg(if))) and that 70 , 2 ( 0 - 3 ( 7 ?)) C (^g{E) holds due to (15). To prove (24) 
we exploit the associativity of Sa and Cut’s definition to show that if t G Eft\dh] 
then t also necessarily belongs to ^a- 2 {'^g{E))[db], from which the result easily 
follows. □ 

Let us now consider the case where we apply to a crisp relation E[db] a 
“cheap” predicate, pi, and a “costly” one, p 2 , after which we Cut the result. If 
predicates are weighted, and Oi > 62 , we can apply a Cut just after evaluating 
Pi, which can lead to considerable cost saving. This also shows how weights on 
predicates can be transformed into weights on tuples’ scores: 

= "l“(4^’^''(7a('^Pi(£^)))) ■ (25) 

Proof, (sketch) Since the Cut does not modify tuples’ scores, if t is in the result 

\0 9 1 

of both expressions then t.fXEL = = Sa ’ ^\s{p\,t),s{p 2 ,t)) > a. 

(E) It is sufficient to show that if t G EL[db], then its score is high enough 
to pass the inner Cut in E^. This is proved by showing that above inequality 
implies s{p\,t) > a. 

\9 0 1 

(□) It can be shown that El can be rewritten as 7 o,(o-p 2 ^’ (i?))), after 

which containment follows from (17), (18), and (15). □ 

Note that above equivalence does not hold if pi is commuted with p 2 , when 
9i > 62 holds. In this case, indeed, a tuple t can satisfy a (E) but not 

Pi AP 2 

\9 9 1 

CTpi^’ (o-p 2 (i?)). In particular, this is the case when s{p 2 ,t) = 0. The reason of 
this asymmetry directly stems from the asymmetry of Expression (4) . 
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Moving Top’s around. Turning to the Top operator, consider the case where 
the ranking criterion, (or simply g) does not refer to tuples’ scores. If no 
ties, according to g, occur in Ei[db] {i G [l-.n]), then it is safe to apply a Top to 
each operand of a weighted Union, that is: 

Proof. First observe that if E' and E are two expressions such that E' E 
(note that we do not require equality of scores), and t belongs to E'[db] (thus to 
E\dh\) and to Tg{E)[db], where g is a ranking criterion which does not consider 
tuples’ scores, then t also belongs to Tg{E')[db]. Since Top does not change 
tuples’ scores, the score of t will be the same in the two top-relations iff so 
it is in E'[db] and E[db]. Now, let E = . . . ,U„) and let E' = 

(C) Consider a tuple t G E^ldb] = Tg{E)[db]. Thus, t is among the k best 
tuples in E[db] according to the ranking established by g. We have to prove that if 
t G Ei[db] then t also belongs to Tg{Ei)[db]. Furthermore, we can limit to consider 
those sub-expressions for which 0i > 0 holds, the others being uninfluential at 
all. Since Ei Qt E (provided 9i > 0, as we are considering), from the above 
observation we have that t G Tg{Ei)[db]. Therefore, whenever t G Ei[db] holds, 
then t G Tg{Ei)[db] holds too. This proves that t.g,E = t.g.E'. Since Top does 
not change grades, and E' Cf, E, we have that t G E^ldb] = Tg{E')[db] and that 

(□) Straightforward. □ 

On the other hand, if the ranking criterion is based on tuples’ scores, the 
above rule can be applied only if Union is unweighted and the ES (max) seman- 
tics is used: 



r'=(U(Ui,...,U„)) = T'=(U(r'=(Ui),...,T'=(U„))) . (27) 

Proof. (C) Assume that t G r^(U(ifi, . . . , En))[db]. Since ES semantics applies, 
this means that t.g,EL = TaiSi,x{t.g,Ei, ■ ■ ■ ,tpE„) is among the k highest scores 
considering all the tuples in U(Ui, . . . , En)[db]. Without loss of generality, assume 
that t.fiEL = tPEi , i-e. tuple t achieves its best score in Ei [db]. We can prove that 
t G T^{Ei)[db] as follows. Reasoning by absurd, assume that t ^ T^(Ui)[d6], thus 
in Ei[db] there are at least other k tuples {h G [l..fc]) such that t^.fiEi > t.g.Ei 
holds. From this we can conclude that ^ t^PEi > t.g,Ei = t.gEL, thus t 

would not belong to Er[db], which is a contradiction. 

(□) Straightforward. □ 

As a negative result, we state that in no case operands of a (weighted) Join 
followed by a Top can be reduced by pushing down the Top (as done for Union). 
Let g = Pi Ap2 A . . . Apn, with pi over the schema of Ei. If the ES semantics is 
used and no score ties occur with respect to the pfs and to g, it is: 
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Proof. Omitted. □ 

Considering the relationship between Top and Cut operators, in general we 
have the following containment result: 

. (29) 

Proof. Assume that t G E^ldb]. Then t also belongs to Tg{E) (due to (15)) and 
to ’yf{E) (due to (16) and (17)). Since jf{E) C E also holds due to (15), we can 
conclude that t G Tg{'-ff{E))[db]. □ 



On the other hand, equivalence is obtained when f = g or when both oper- 
ators have their “canonical” form, that is r^f^aiE)) = ^a{T^{E)). 

Moving Selection. Since the Selection operator changes tuples’ scores, par- 
ticular care has to be paid when reasoning about it. For instance, the following 
equivalence holds only for the ES semantics (and unweighted Union): 



(Jf{U{Ei,...,En)) = L!{af{Ei),...,af{En)) . (30) 

Proof. We first show that if t satisfies both El and Er, then = t.g,E^. As 
to El, it is: 

^ A(.^(,f , {ip El , • ■ • , ipEn ) ) (^^) 

whereas 

t.gEn = Si/{s/i{s{f,t),t.gEi),---,SA{s{f,t),t.g.Ej) ■ (32) 

Equality of scores then follows from the distributivity of Sa over sy, which indeed 
holds only under ES semantics. It remains to show that El =b Er. This part 
is straightforward and we omit the detailed steps here. □ 



Consider the case where / = pi Ap 2 A . . . Ap„, with pi over the schema of Ei, 
and Of = [ 9 i, 92 , ■ . ■ ,0n\. The following rule shows what happens if predicates 
are pushed down a Join, provided Join operands are crisp relations: 

((jpi(Ai),...,CTp„(A„)) C cr/e^(cx (Ei,...,A„)) . (33) 

Proof. Let t = ex (U, . . . , t„) be a tuple which belongs to both EL[db] and En[db], 
with ti G Ei[db]. Since all the Efs are crisp, it is 

t.pEL = {s{Pl,h), . . . , S{pn,tn)) 

and 

t.pER = s{f 0 f,t) = SA^{s{pi,t),...,s{pn,t)) . 

Since s{pi, t) = s{pi, tf) holds Vt G [l..u], equality of scores is guaranteed. Finally, 
showing that El Eh E^ is trivial. □ 

On the other hand, when no weights are used it is immediate to conclude, by 
exploiting the definition of Join and Selection and the associativity of t-norms, 
that: 



ex (crpi(Ei) (E„)) = (J/([X (El, . . . , A„)) . 



(34) 
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7 Other Issues 

7.1 Approximation vs Equality 

Although SAME'^is a “similarity” algebra, it still preserves some aspects where 
similarity is not considered at all. This has the advantage of allowing for a clean 
definition of operators’ semantics, yet in some cases a more flexible view would 
be desirable. In particular, we observe that equality of expressions’ results re- 
quires equality of scores for corresponding tuples, a fact that in some scenarios 
can be exceedingly restrictive. In particular, consider the case when alternative 
similarity operators can be used for a same feature (e.g. ~i, ~ 2 , etc.). As an ex- 
ample, the similarity of two color histograms can be assessed by using a complex 
quadratic-form distance which takes into account colors’ cross-correlations [19], 
but even using the simpler Euclidean distance. In general, if is a “cheap” 
operator, what are the implications of using it in place of a (much) costly ~2 
operator? In the following we provide some preliminary results on the problem 
of “approximate answers” in SAME'^by relying only on rather generic assump- 
tions, which therefore can be strenghtened on need. The starting point is the 
definition of e- compatibility of scores. 

Definition 7.1. A binary relation of e- compatibility over the elements ofS, 
where e > Q, is a symmetric relation closed under interval containment, i.e. a 
relation which for all xi,X 2 ,X 3 € S satisfies x\ X 2 X 2 —e xi and 

Xl < X 2 < X 3 ,Xi X 3 ^ Xi X 2 ,X 2 X 3 . 

Intuitively, e represents the “tolerance” we have on discrepancies of scores. For 
instance, specific cases of e-compatibility relations are: 

\x\ — X 2 \ < e x\ X 2 and a; 2 /(H-e) < x\ < X 2 (l + e) x\ X 2 ■ 

The relationship between the different relations arising from different values 
of e is established by two basic axioms: 

1. X\ ~o X2 X\ = X2 

2. ei < e2,xi X2 ^ xi X2 ■ 

Above extends to relations and expressions as follows (both e\ and 62 are over 
set of attributes X): 

ei 62 7rjf(ei) = 7rx(e2) A Vti € ei,Bt2 € 62 : ti = ^2 A ti.p, t2-p. 
El E 2 ^ ydb : Ei[db] E2[db] . 

Turning to consider algebraic operators, a basic problem is to understand how 
they influence errors on scores. The following holds for the !FS semantics: 

Lemma 7.1. Let Xi a;', i G [l..nj. Then, min(a:i, . . . ,x„)~emin(a:(, . . . ,x'^) 
and max(a:i, . . . , x„) maxfx'i, . . . , x'^) both hold, where e = max(ei, . . . , e^). 
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Proof. We prove the statement for the min scoring function, being the case for 
max analogous. Since Ci < e, it follows that Xi x^ implies Xi x^. Assume 
that min(a;i, . . . , Xn) = Xi < Xj and that min(a;i, . . . , = x' < a;', otherwise 

the result would trivially hold by hypothesis. Without loss of generality, let 
Xj < Xi- Since a;' Xj, from a;' < Xi and Xi < Xj we derive that both a;' Xi 
and Xi Xj hold, thus proving the result. □ 

We have the following result which shows that errors will stay limited to e 
even for arbitrarily complex SPJU (Select, Project, Join, Union) queries. 

Theorem 7.1. Let E he a SAME^ expression with no weights, no negated pred- 
icates, and using operators in {cr, tt, cxi, U}, and let E' be an expression obtained 
from E by changing a similarity operator from ~ to so that (ui ~ V 2 ) —e 
(ui V 2 ) holds for any pair of values vi,V 2 in the domain of Then E =g E' 
holds under TS semantics. 

Proof, (sketch) The complete proof considers each operator in {a, tt, ixi, U}. Here 
we limit the analysis to the Selection operator. Consider the two expressions 
E = (Tp(ifi), where p : A v, and E' obtained from E by replacing ~ with By 
definition of Selection under ES semantics, the scores of tuples satisfying E and 
E' are respectively given by min(s(A ~ v,t),t.fj,Ei) and min(s(A v,t),t.p,Ei). 
By hypothesis, it is s(A ~ v,t) s(A v,t). From Lemma 7.1 it follows 
that min(s(A ~ v,t),t.p,Ei) —e min(s(A v,t),t.p,Ei). This is to say that 

aA^v(Ei) aA^>v{Ei). □ 

Extending the Theorem to the general case of weighted SPJU expressions is 
indeed possible (we omit the proof here). For this, however, we need the following 
additional assumption of linearity on the behavior of e-compatibility relations: 

a;j,a;2 eiie X 2 ^ /3-xi -I- (1 -/J) • 0:2 /J- a:'i -I- (1 -/?) -Xa (/? G [0, 1]) . 

Intuitively, linearity means that if discrepancies of scores stay limited at the 
extremes of an interval, then they are also limited in the whole interval, which 
seems quite reasonable to demand. Note that both sample e-compatibility rela- 
tions we have considered are linear, as it can be easily proved. 

The Theorem does not apply to expressions with negated predicates and/or 
Difference. For instance, consider the second sample e-compatibility relation 
{x\ G [a; 2 /(l -I- e), 0 : 2(1 -I- e)]), and take x\ = 0.8, X 2 = 0.9, and e = 0.2. Clearly 
0.8 - 0.2 0.9, but (1 - 0.8) ;^o .2 (1 - 0.9). 

Finally, the reason why the Theorem does not extend to expressions using Cut 
and Top is that such operators explicitly consider tuples’ scores for determining 
which tuples are to be part of the result. For the Cut, however, the relationship 
between different similarity operators can be exploited as follows. Assume that 
— ' is weaker than ~. This means that, for any pair of values vi, V 2 in the domain 

This is tightly related to “filter-and-refine” strategies used to speed-up the processing 
of range qneries over complex (multi-dimensional) domains, where one adopts a 
“simplified” distance function which lower bonnds the original one [2]. 
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of (ui V 2 ) > (ui ~ ^ 2 ) holds. Then the following applies, where ttx is just 
used to get rid of scores, p : A ^ v, and p' : A v: 

'ya{ap{Trx(E))) =^a{ap{TTx{jaiap>{TTx{E)))))) . (35) 

If is cheaper to evaluate than ~, one can use the expression on the right to 
first filter out all those tuples that do not satisfy the condition p' at least with 
score > a. Since is weaker than ~, the result of this first filter is guaranteed 
to contain all the tuples returned by the expression on the left. 

7.2 Adapting Weights to User Evaluation 

As a final issue, we consider the case where the result of an expression E is 
“evaluated” by the user, who assigns to each tuple ti G e = E[db] a “goodness” 
value gi- Basically, pi represents how much the user considers ti “relevant” for his 
information needs. The fact that the result of a query does not exactly match user 
expectation is common in MM systems, and leads to a “closed-loop” interactive 
process, where user evaluation is fed back to the query engine and then taken 
into account to compute a (possibly) “better” result, and so on. 

For our purpose, relevance feedback algorithms that have been proposed in 
the Information Retrieval (IR) field are not appropriate for two reasons. First, 
they do not apply to complex algebraic expressions [11]. More precisely, such 
algorithms work only for keyword-based similarity search, when queries and 
documents are interpreted as vectors and weights as coordinate values. Second, 
they do not explicitly consider weights at predicate and expression levels. Re- 
cently, Ishikawa et al. [12] have proposed a method ( “MindReader” ) to compute 
an optimal set of weights (according to a specific objective function) , given user 
goodness values and assuming a “range query” whose shape indeed depends on 
weights. In our context, this amounts to “guess” the best similarity operator 
to be used for a certain feature, a problem somewhat orthogonal to the one we 
consider here. 

The generic framework we propose to deal with user judgments is as follows. 
Let be an expression using a set {0j} of weightings, and let e = E^Q.^[db]. 

For each tuple U G e, let pi = and let pi = G{U) be the 

“goodness” that the user assigns to ti {G is called a goodness function). Then, 
consider an objective function O, 0{G, pE^o e) € 3?, that measures the overall 

goodness of e. A set of weightings {0°^*} is called optimal with respect to O if: 
0{G,pe ,,e)> 0{G, PE, V{0,} . 

j 

As an example, assume that O is a function which is maximum when pi = pi 
Vf (thus the Pi’s are values in S), say, 0{G, pE^g,.y', e) = — ^i{pi — and 

consider the expression af^{Ri) af.^{R 2 ), where we take the weighted 

Union of two (crisp) relations, to which the (unweighted) formulas fi and /2 are 
applied. One can think of this as a weighted integration of results from different 
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search engines, where fi and /2 are tailored to the engine at hand, and [6*i,6*2] 
are the initial weights we assign to the two engines, reflecting how much we 
“trust” them. The objective is therefore to minimize: 



where Si_i = s(/i,U) and Si ^2 = s{f 2 ,U). Since numerical methods exist to 
minimize above expression, we can consequently determine optimal values for 
9\ and 6*2, that is, the relative importance to be assigned to the two engines in 
order to make the overall scores as close as possible to their goodness values. 

Although we have not explored yet all the (numerical) intricacies of adjusting 
weights to maximize O, we claim that it is indeed possible to compute {0°^*} 
for any SAME'^ expression. Clearly, the real challenge here appears to be the 
determination of a good tradeoff between the “soundness” of the objective func- 
tion and the corresponding cost of computing (at query time) an optimal set of 
weightings. 



8 Related Work 

In the last two decades, many works have focused on problems related to ex- 
tending data models so as to allow representation of “imprecision” in databases. 
These works are only marginally relevant here, since they mostly concentrate on 
modeling aspects (see e.g. [18]) and typically ignore issues related to advanced 
processing of similarity queries, which are a major concern in multimedia envi- 
ronments. Indeed, it is a fact that similarity queries arise even if the database 
does not store imprecise information at all, provided “similarity operators” are 
defined. This is also the scenario considered by the VAGUE system [16], where, 
however, important features are missing, such as weights, the Top operator, and 
fuzzy attributes. Further, problems related to query optimization are not con- 
sidered in [16]. Recent work by Adali et al. [1] addresses issues similar to ours, 
but important differences exist. First, they do not consider weights, that we have 
shown to introduce new interesting problems in the query optimization scenario. 
Second, they are mainly concentrated on problems related to the integration of 
heterogeneous “similarity measures” , coming from different sources, into a com- 
mon framework. This results in a quite complex “multi-level” algebraic scenario, 
on which reasoning becomes difficult and tricky. In this light, we believe that 
SAME'^is much “cleaner”, and that it highly simplifies the (inherently difficult) 
task of reasoning about similarity queries. 

Finally, several works are related to ours from the point of view of query 
processing and execution. Besides Fagin’s works, here we mention our previous 
work in the area and recent activity related to “Top queries”. In [7] we have 
considered problems related to the efficient index-based execution of similarity 
queries, where all the predicates refer to a single feature (e.g. And objects which 
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are similar to this shape, but not to that one). Results in [7] show how impor- 
tant performance improvements are obtainable by using access methods able to 
process the “query as a whole”, rather than one predicate at a time. 

Recent research on so-called Top queries [3] addresses issues arising in a 
DBMS when the cardinality of the result is limited by the user. In this case, it is 
assumed that the result set is sorted (using the ORDER BY SQL clause), and that 
the result stream is stopped after k tuples have been produced. There is a tight 
connection here with our Top (r) operator, with our “ranking criterion” playing 
the role of the ORDER BY clause. Optimization techniques considered in [3] to 
“push-down” the Top basically exploit primary key-foreign key joins (as well as 
analysis of residual predicates) - a thing which we could embed into SAME by 
means of functional dependencies. 



9 Conclusion 

In this paper we have introduced a “similarity algebra with weights”, called 
SAME'^, that generalizes relational algebra to allow the formulation of complex 
similarity queries over multimedia databases. SAME'^combines within a single 
framework several aspects relevant to multimedia queries, such as new operators 
(Cut and Top) useful for “range” and “best-matches” queries, weights to express 
user preferences, and “scores” to rank tuples. These aspects, together with other 
issues which we have only partially addressed here, such as “approximate result- 
s’’ (see Sect. 7.1) and user evaluation (Sect. 7.2), pose new challenges to a query 
engine, which have not been considered yet in their full generality. For instance, 
if the user evaluates the result of a query, thus the system should adapt to this 
by adjusting weights, how does this affect execution costs? Indeed, as shown in 
Sect. 6, changing the weights will modify the numerical values, thus the process- 
ing costs, used by some operators (like the Cut) to limit the cardinality of the 
arguments of n-ary operators, such as Join and Union. 

A point which would also deserve a much more careful investigation concerns 
the definition of “notions of approximation” which are both practical and useful. 
This is an issue whose importance is likely to considerably grow in the near 
future, and that have only partially been addressed in recent years [20,5]. 



References 

1. S. Adali, P. Bonatti, M.L. Sapino, and V.S. Subrahmanian. A Multi-Similarity 
Algebra. In Proc. of the 1998 ACM-SIGMOD Int. Conf. on Management of Data, 
pages 402-413, Seattle, WA, June 1998. 

2. R. Agrawal, C. Faloutsos, and A. Swami. Efficient Similarity Search in Sequence 
Databases. In Proc. of the 4th Int. Conf. on Foundations of Data Organizations 
and Algorithms (FODO’93), pages 69-84, Chicago, IL, October 1993. 

3. M.J. Carey and D. Kossmann. On Saying “Enough Already!” in SQL. In Proc. 
of the 1997 ACM SIGMOD Int. Conf. on Management of Data, pages 219-230, 
Tucson, AZ, May 1997. 




Imprecision and User Preferences in Multimedia Queries 



71 



4. P. Ciaccia, D. Montesi, W. Penzo, and A. Trombetta. SAME'^: A 
Fuzzy Similarity Algebra for Web and Multimedia Databases. Tech- 
nical Report T2-R26, InterData project, 1999. Available at URL 
ftp : //ftp-db. dels .unibo . it /pub/ interdata/tema2/T2-R26 .ps. 

5. P. Ciaccia and M. Patella. PAC Nearest Neighbor Queries: Approximate and 
Controlled Search in High-Dimensional and Metric Spaces. In Proc. of the 16th 
Int. Conf. on Data Engineering (ICDE 2000), San Diego, CA, March 2000. 

6. P. Ciaccia, M. Patella, and P. Zezula. M-tree: An Efficient Access Method for 
Similarity Search in Metric Spaces. In Proc. of the 23rd VLDB Int. Conf., pages 
426-435, Athens, Greece, August 1997. 

7. P. Ciaccia, M. Patella, and P. Zezula. Processing Complex Similarity Queries 
with Distance-based Access Methods. In Proc. of the 6th Int. Conf. on Extending 
Database Technology (EDBT’98), pages 9-23, Valencia, Spain, March 1998. 

8. R. Fagin. Combining Fuzzy Information from Multiple Systems. In Proc. of the 
15th ACM Symposium on Prineiples of Database Systems (PODS’96), pages 216- 
226, Montreal, Canada, June 1996. 

9. R. Fagin and E.L. Wimmers. Incorporating User Preferences in Multimedia 
Queries. In Proe. of the 6th ICDT Int. Conf., pages 247-261, Delphi, Greece, 
January 1997. 

10. M. Flickner, H. Sawhney, W. Niblack, J. Ashley, Q. Huang, B. Dom, M. Gorkani, 
J. Hafner, D. Lee, D. Petkovic, D. Steele, and P. Yanker. Query by Image and Video 
Gontent: The QBIC System. IEEE Computer, 28(9):23-32, September 1995. 

11. D. Harman. Relevance Feedback and Other Query Modification Techniques. In 
W.B. Frakes and R. Baeza-Yates, editors, Information Retrieval: Data Struetures 
and Algorithms, chapter 11, pages 241-263. Prentice Hall PTR, 1992. 

12. Y. Ishikawa, R. Subramanya, and G. Faloutsos. MindReader: Querying Databases 
through Multiple Examples. In Proc. of the 2fth VLDB Int. Conf., pages 218-227, 
New York, NY, August 1998. 

13. G.J. Klir and B. Yuan. Fuzzy Sets and Fuzzy Logie. Prentice Hall PTR, 1995. 

14. A. Lumini, D. Maio, and D. Maltoni. Continuous versus Exclusive Classification 
for Fingerprint Retrieval. Pattern Recognition Letters, 18:1027-1034, 1997. 

15. D. Montesi and A. Trombetta. Similarity Search through Fuzzy Relational Algebra. 
In Proc. of the 1st Int. Workshop on Similarity Seareh (IWOSS’99), Florence, Italy, 
September 1999. 

16. A. Motro. VAGUE: A User Interface to Relational Databases that Permits Vague 
Queries. ACM Trans, on Office Information Systems, 6(3):187-214, July 1988. 

17. S. Nepal, M.V. Ramakrishna, and J.A. Thom. A Fuzzy Olrject Language (FOQL) 
for Image Databases. In Proc. of the 6th Int. Conf. on Database Systems for 
Advanced Applications (DASFAA ’99), pages 117-124, Hsinchu, Taiwan, April 1999. 

18. K. Raju and A. Majumdar. Fuzzy Functional Dependencies and Lossless Join 
Decomposition of Fuzzy Relational Database Systems. ACM Trans, on Database 
Systems, 13(32): 129-166, June 1988. 

19. T. Seidl and H.-P. Kriegel. Efficient User-Adaptable Similarity Search in Large 
Multimedia Databases. In Proc. of the 23rd VLDB Int. Conf., pages 506-515, 
Athens, Greece, August 1997. 

20. N. Shivakumar, H. Garcia-Molina, and C.S. Chekuri. Filtering with Approximate 
Predicates. In Proc. of the 2fth VLDB Int. Conf., pages 263-274, New York, NY, 
August 1998. 

21. A. Softer and H. Samet. Integrating Symbolic Images into a Multimedia Database 
System using Classification and Abstraction Approaches. The VLDB Journal, 
7(4):253-274, 1998. 




Maximal Expansions of Database Updates* 



Michael Dekhtyar^, Alexander Dikovsky^’^, and Sergey Dudakov^, 
and Nicolas Spyratos^ 

^ Department of Computer Science, Tver State University 
3 Zheljabova str. Tver, Russia, 170013 
^ Universite de Nantes, IRIN, UPREF, EA No 2157 
2, rue de la Houssiniere BP 92208 
F 44322 Nantes Cedex 3 France 
® Keldysh Institute for Applied Mathematics 
4 Miusskaya sq. Moscow, Russia, 125047 
^ Universite de Paris-Sud, LRI, U.R.A. 410 du CNRS, Bat. 490 
F-91405 Orsay Cedex, France 

Michael.Dekhtyar@tversu.ru, Alexandre .DikovskySirin.univ-nEuites . fr, 
Nicolas . Spyratos@lri . f r 



Abstract. Databases with integrity constraints (IC) are considered. For 
each DB update, i.e. a set of facts to add and of facts to delete, the IC 
implies its correct expansion-, new facts to add and new facts to delete. 
Simultaneously, each expanded update induces a correct simplification 
of the IC. In the limit this sequence of expansions and simplifications 
converges to the maximal correct update expansion independent from 
the initial DB state. 

We show that such maximal expansion is computed in square time for 
partial databases, and that its computation is a co-AP-complete problem 
in classical databases. However, it is also square time computable in 
classical DBs under ICs with some restrictions on the use of negation. 
Computing the real change of the initial DB state after accomplishing 
an update is a hard problem. The use of maximal update expansion in 
the place of initial update can substantially simplify computation of a 
new correct DB state. 



1 Introduction 

Conventional databases roll back after updates violating integrity constraints 
(IC). Meanwhile, some developed contemporary databases (for instance, Oracle), 
enable its administrators or application developers to present IC in the form of 
systems of rules (e.g., business rules), and use automatic means, such as triggers, 
which enforce these rules after updates. The intensive recent work on active 
databases (cf. [14]) shows that in the future this ability of intelligent update 
enforcement will be developed. 
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The effect of extensional updates on data can be specified declaratively by 
expressions of algorithmic algebras generalizing SQL (cf. [1]), or by formulas of 
a logical language (see e.g. [4]). However, when IC are presented in the form of 
rule systems, the effect of an update manifests itself indirectly: either following to 
some intentional semantics of rules, or operationally, in the form of a derivation. 
Let us consider the following simplified example. 

Example 1 The IC <P below expresses a typical case of an exception from a 
general rule. It consists of two clauses. The first one expresses the general rule: 
’’children (proposition children^ can bathe fbathej when with parents ('parents^”. 
The other one expresses an exception from this rule: ’’children cannot bathe while 
the ebb tide (proposition ebbj”.- 

bathe ^ children, parents 
^bathe ^ children, ebb. 

Let us consider a DB state where children cannot bathe because of the ebb. This 
state is materialized differently in classical and partial databases. In classical 
databases the absence of a fact means that its negation holds. In a partial database 
S a holds if a G S, holds if G S explicitely, otherwise a is unknown. 

Let us consider first the classical databases. This means that we have the DB 
state I = {children, ebb}. Suppose that the parents arrive, which is expressed as 
the addition of the fact parents to I. This addition causes the conflict with the first 
rule. The possible solutions are simple but nontrivial. The first solution is to re- 
place ebb by bathe. The result is the DB state where children’s bathing is allowed: 
I\ = {children, parents, bathe}. The other is just to eliminate children. The result- 
ing DB state is that where no children’s bathing is needed: I 2 = {parents, ebb}. 

Now, let us consider the case of partial databases. The initial DB is in this 
case I = {children, ebb, ^bathe}. The first solution is then to replace ebb and 
^bathe by bathe, the resulting DB state being: I\ = {children, parents, bathe}. 
The other solution is again to eliminate children, the resulting DB state being 
this time: I 2 = {parents, ebb, ^bathe}. 

In logical terms, the result of such an intensional update is defined as a model 
of a logical theory {knowledge base (KB) update), or as a set of consequences of 
an extensional DB state {DB view update), or else, its effect is defined through 
logical inference, e.g. abduction ( see e.g. [20,12,15,10]), sometimes enforced by 
bottom-up hypothesis generation for integrity checking (e.g. [5]). Sometimes up- 
dates are specified indirectly as a minimal (in a sense) change of the given state 
sufficient to attain an intended KB state (see e.g. [18,19]), sometimes they are 
specified by an update program, so the change is defined by both programs: 
KB and update ([2]). In the case where negative knowledge is treated, these 
approaches work exclusively with some sort of intended models: for instance, 
stable [11] or well founded [21]. 

In this paper we develop the conflict resolution approach to updates, pro- 
posed in [6,7,13]. It departs from the premise that IC have nothing to do with 
data or knowledge definition. They only specify the conflicts to avoid after the 
update. So the use of exclusively “intended” models of IC may lead to the loss 
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of information or to unjustified conflict resolution failures. The above example 
shows such a loss ^ . So in our approach one should consider all classical models 
of IC, but among these models one should find a model minimally deviating 
from the model before update. A bit more formally, the problem we tackle is 
formulated as follows. Given a logic program <P which formalizes the IC, a correct 
initial DB state I \= <P, and an external update A which specifies the facts 
to be added to / and the facts D~ to be deleted from it, one should find the 
minimal real change '?'(/) of I, sufficient to accomplish A and to restore if 
and when it is violated (i.e. to guarantee that C n D~ = 0, and 

'^{I) h '^)- 

Unfortunately, the problem of minimal real change with respect to IC is still 
harder from the complexity point of view than the problem of intended knowl- 
edge update. The latter is of the type “guess and check” (which corresponds 
to NP), whereas, the former is proven in [8] to be A^-complete for classical 
databases. In this paper we prove that its solution is co-fVP-complete for partial 
databases. 

In our earlier papers [6,7] we introduce a broad class of update operators 
W{<1>,A,I) (we call them conservative), which apply to generalized logic pro- 
grams with explicit negation (possible in the bodies as well as in the heads 
of clauses) and are based on a mixed minimal change criterion which is a com- 
bination of the maximal intersection, and of the minimal symmetric difference 
of states. We describe various nondeterministic and deterministic conservative 
update algorithms based on a conflict resolution techniques. In the recent paper 
[8] we propose a practical method of speeding up the conservative update algo- 
rithms. The method is based on the idea that the initial update A = 
can be incrementally and correctly expanded to a broader update after being 
iteratively propagated into the IC Correctness of an expansion means that it 
preserves the set Acc{<P, A) of DB states in which A is accomplished and which 
satisfy being fixed, each compatible update A implies correct expansions: 
Al = □ A and simultaneously correct IC simplifications <Pi ^ 

Using <Pi, Al in the place of <P, A can substantially simplify the choice of a new 
correct DB state after accomplishing update. Indeed, this new state separates 
M+ from M~ ', so the expansion narrows the choice space. 

In this paper we obtain a result which gives a definitive theoretical founda- 
tion to our uproach, and has a clear practical sense. We describe the optimal 
update expansion and IC simplification as those which imply all others and p- 
reserve the models in Acc{<P, A) . The optimal expansion is the maximal real 

^ It seems that the “intended model” methods fail to find the solutions it demon- 
strates. Indeed, since there are no rules with in the head, there is no direct 

refutation or abduction proof of the added fact. I,Ii,l 2 are not stable models of 
One could propose to add the clauses ^ and • • • ^ to ^ and 

then to update the resulting program by the update program { ^ }. In 

this case the states would become stable models of , but again the inertia rules of 
[2,19] would prevent to infer ^ebb. The answer set semantics of [3,16] does not help 
because there is no negation as failure in <I>. 
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change independent from the initial DB state. We show that both, the optimal 
update expansion and the optimal IC simplification are incrementally computed 
from <P and A in square time for partial databases. Unfortunately, their com- 
putation is a co-A^P-complete problem in classical databases. Nevertheless, we 
find an important class of ICs where their computation is easily reduced to that 
in partial databases, so they are again computable in square time. 

The paper is organized as follows. All preliminary notions and notation are 
given in the next section. The conservative update problem is formulated in 
Section 3, and its complexity is established in Section 4. Update expansion op- 
erators are defined in Section 5. The maximal update expansion is explored in 
Section 6 for partial DBs, and in Section 7 for classical DBs. 



2 Preliminaries 

We assume that the reader is familiar with the basic concepts and terminology 
of logic programming (see [17]). 

Language. We fix a 1st order signature S with an infinite set of constants C 
and no other function symbols. A domain is a finite subset D of C. For each 
domain D by A(D), L(D), B(D) and LB(D) we denote respectively the sets of 
all atoms, all literals, all ground atoms, and all ground literals in the signature 
S with constants in D. A literal contrary to a literal I is denoted by We 
set ~^.M = I I G M}. 

Logic programs. We consider generalized logic programs in S with explic- 
it negation, i.e. finite sets of clauses of the form r = {I ^ where 

n > 0 and l,li G L(D), (note that negative literals are possible in the bodies 
and in the heads of the clauses). For a clause r head{r) denotes its head, 
and body{r) its body. We will treat body{r) as a set of literals. Integrity con- 
straints (IC) are expressed by a logic program <P of this kind. IC(D) denotes 
the set of all ground integrity constraints in the signature S with constants 
in D. We consider the following simplification order on IC(D): d>i A d>2 if 
Vr G <d>\ 3/ G d>2 (head{r) = head{r') & body{r) C body{r')). This relationship 
between and means that consists of stronger versions of some clauses 
of <P 2 - 



Correct DB states. In this paper we consider both kinds of interpretations of 
ICs, total and partial, over closed domains. This means that a certain domain D 
is fixed for each problem. A partial interpretation (DB state) over D is a finite 
subset of LB(D). For such an interpretation / C LB(D) we set I~^ = I O B(D) 
and I~ = I n ^.B(D). I is consistent if it contains no contrary pair of lit- 
erals I, ~^.l. Intuitively, in a consistent partial DB state / the atoms in /+ are 
regarded as true, the atoms in ~^.I~ are regarded as false, and all others are 
regarded as unknown. A partial interpretation / is total if I~^ U ^.I~ = 0 and 
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/+ u ^. 7 - = B(D). So the total interpretations are consistent by definition. 
They are completely defined by their positive parts, therefore, we will identify 
total interpretations with subsets of B(D). D being fixed we consider ICs with 
constants in D and groundisations over D. Given an IC G IC(D) and a DB 
state I over D, a (ground) clause r = {I ^ li,...,ln) of is valid in I 
(denoted 7 ^ r) if I \= I whenever I \= U for each 1 < z < n. For a partial 
DB state 7 and a ground literal I I \= I means I G I. For a total DB state 7 
and a ground atom a I \= a means a G I, and 7 ^ ^.a means a ^ I. 7 is 
a correct DB state or a model of (denoted 7 |= <?) if it is consistent (which 
is always true for total DB states) and every clause in is valid in 7. 



Consequence closure. Let G IC(D). For a partial interpretation 7 we set 

n 

cl,p{I) = {l\3r = {I ^ li,...,ln) G ( /\ I \= li )}. A strong immediate conse- 

i=l 

quence operator is the total operator 



Tiii) = 



cl,p{I) : cl,p{I) is consistent 
LB(D) : c4(7) is inconsistent. 



We de- 



Being continuous, Tj has the least fixed point lfp{T^) = (J (Tjl 

z— 0 

note this set by A7™”. It is clear that if M™” is consistent, then it is the least 
(partial) model of <P. For any partial DB state 7 we set M™”(7) = 



Updates. When partial interpretations over D are considered, an update is a 
pair Z\=(77+,77“) where , D~ are subsets of LB (D). In the case of total 
interpretations D^,D~ are subsets of B(D). In both cases 77+ n D~ = 0. 
Intuitively, the literals of 77+ are to be added to DB state 7, and those of 
77“ are to be removed from 7. For both kinds of interpretations UP(D) will 
denote the set of all updates in the signature S and with constants in D. We 
say that A = is accomplished in 7 if 77+ C 7 and 77“ n 7 = 0. 

A partial DB state 7 agrees with (partial or total) Z\ if 7 n (77“ U ^.77+) = 0. 
The updates in UP(D) will be partially ordered by the componentwise inclusion 
relation: Z\i C Z \2 iff 77+ C and 77)" C 77^. 



Update operators. Let F be an operator of the type F : IC(D) x UP(D) 



IC(D) X UP(D), T(7>,A) = (^',Z\'), and A' = (77'-^, 77'”). In the definition- 
s to follow <!>' , A', , and D'~ are denoted respectively by F{'P,Ay'^, 

F{d>, Z\)“P, F{<F^ 1 and F{(1>, A)~ . We denote by 7^” the n-fold composition 

of F and by F'^ the operator F‘^{<P,A) = lim F"'{<P,A). 



In the sequel we will omit D when it causes no ambiguity. So when D is 
subsumed, in the place of A(D), L(D), B(D), LB(D) we will use the notation 

A, L, B, LB. 
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3 Conservative Update Operators 

In general an update may contradict a constraint. So a reasonable definition of 
an update operator should either contain a requirement of “compatibility” of an 
update and a constraint, or specify a part of the update “compatible” with the 
constraint. The requirement of compatibility is easy to formalize. 

Definition 1 For F € 1C and A G UP let us denote by Acc{F, A) the set of 
all models I \= <P where A is accomplished. An update A is compatible with an 
IC ^ if Acc{F, A) 

Compatibility of with A = means that there is a model I G 

Acc(<P, A) . For partial interpretations this guarantees the existence of the least 
model which is in fact the set of all ground consequences of the facts 

in with respect to F. We denote this model by is constructed in 

time linear with respect to the summary size of <P and A. This means that for 
partial interpretations compatibility of <P and A is recognized in linear time. 
For total interpretations the consistency of does not guarantee compatibility 
of F and Z\, as the following example shows. 

Example 2 Let us consider IC <P = {r\ : ^ a, b; T 2 : ^6 ^ ~^a, c} and 

update A = ({6, c},0). Then it is easy to see that = {b,c}. But of course, 
there is no total DB state satisfying <F, where A is accomplished. 

As we show in [8], the compatibility problem for total interpretations is NP- 
complete. 

Conservative update operators provide in a sense a minimal real change of 
the initial DB state after its update. In [6] we propose the following minimal 
change criterion intended to keep as much initial facts as possible, and then to 
add possibly fewer new facts. 

Definition 2 Let /, I\ be two DB states, and K. be a class of DB states. 

We say that Ii is minimally deviating from I with respect to K if 

v/2 G K (-(/ n /i c / n /2) & ((/ n 7 i = / n I2) ^{h \ / c /i \ /))). 

Conservative update operators [7] have the following definition (for interpreta- 
tions of both kinds) . 

Definition 3 Let A be an update compatible with IC <F. An operator F on the 
set of DB states UP is a conservative update operator if for each DB state I : 

• T{I) is a model of<F, 

• A is accomplished in T{I), 

• T{I) is minimally deviating from I with respect to Acc(F,A). 

Clearly, the conservative update operators are nondeterministic. The ’’children- 
ebb-tide” example in the Introduction describes two different DB states mini- 
mally deviating from the initial one for the interpretations of both kinds. The 
problem of finding one of the conservative update operator values for given IC, 
update and initial DB state is called in [6] the enforced update problem (EUP). 
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As it is shown in [7], these operators have the following model completeness 
property: for any two DB states h,l 2 satisfying IC ^ there exists an update A 
such that I 2 =^{h). 

4 Complexity of Conservative Updates 

In order to measure the complexity of conservative updates we consider two 
standard algorithmic problems: Optimistic and Pessimistic Fall-Into-Problem 

(OFIP, PFIP) (cf. [9]). 

OFIP: Given some A G UP compatible with F G IC, an initial DB state I, 
and a literal I G LB , one should check whether there exists a DB state ^ Ii such 
that: 

(a) IiGAcc{^,A), 

(b) I\ is minimally deviating from I with respect to Acc(d>, A), and 

(c) h h I- 

PFIP: requires (c) be true for all DB states Ii satisfying (a) and (b). 

We consider the combined complexity of these problems with respect to the 
problem size evaluated as N = |D| + |/| + |Z\| + \<1>\ + |?| (| | is the size of 

constant or literal sets and of programs in some standard encoding) . We denote 
respectively by OFIP and PFIP the sets of all solutions {I,A,<P,l) of these 
problems. These problems are ’’co-problems” in total interpretations in the sense 
that (/, A, (p, 1) G PFIP iff (I, A, F, ^.l) ^ OFIP. In [8] we show that for total 
DBs OFIP is Al-complete, so PFIP is ill-complete. For partial DBs these 
problems are simpler. 

Theorem 1 (Case of partial DBs) 

(1) OFIP and PFIP belong to P in the case where: 

a) is normal (i.e. there are no negations in the heads of clauses), 

b) there are no deletions and negations in A, i.e. C B and D~ = 0, and 

c) there are no negations in I, i.e. / C B. 

(2) If any of conditions a), b), c) is violated, then OFIP is NP-complete and 
PFIP is co-N P-eomplete. 



The following standard algorithm Dp. search resolves EUP in partial inter- 
pretations 



^ We remind that some finite domain D is fixed. 

® Since DB states and updates are finite, and the domain is closed, the space of DB 
states resnlting from updates is finite as well. For each subset X of this space we fix 
the topological order with respect to set inclusion on subsets of X, with the successor 
function nextx- We set nextx(X) = T for some constant T. 
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Algorithm Dp_search{I, A) 

/npttf; a DB state I, and some compatible update A—{D'^,D~) and S IC. 
Local variables: I, H~ , Hdei '■ sets of literals; b : boolean. 

Output: I\ . 

(1) i :={IOD+)\D-- 

(2) H- :=I\D+; 

(3) Hdei ■■= 0 ; b := false; 

(4) WHILE ^b AND Hdei -L DO 

(5) h-.= M^^^{i\Hdei); 

(6) IF h is inconsistent OR Ii does not agree with A 

(7) THEN Hdei := nextH-{Hdei) 

(8) ELSE b := true 

(9) ENDJF 

(10) END.DO; 

(11) Output Ii. 

Theorem 2 Algorithm Dp_search implements conservative update operators 
for partial interpretations in linear space and in time 0(2'^ N), where N = 
|<?| + |A| and d is the size (the number of literals) of H~ . 

In [8] we describe a similar algorithm D. search which implements a conservative 
update operators for total interpretations in linear space and in time 0(2'^+“ A), 
where a is the size of the choice space for facts to add. 

This complexity analysis leaves no hope to optimize substantially the stan- 
dard algorithms by some general theoretical method. However, there may exist 
some practical speed-up methods. Below we propose one such efficient method. 



5 Update Expansion Operators 

If we look at the EUP solutions, we see that A, and / being fixed, each so- 
lution Ii is represented as /i = (/ U M+) \ M~ , where M+ D D+, M~ A D~ , 
and M+ n M~ = 0. In [8] we have proposed an operator Pum which gives 
an approximation (Dq,Dq) to {M~^ , M~) in the case of total interpretations: 
M+ A Dq a £)+, M~ A Dq a D~ . The expansion {Dq , Df) of (D+, D~) does 
not depend on I . It is computed from <!> and A incrementally in deterministic 
square time. Moreover, Pum equivalently simplifies the IC ‘L itself with respect 
to the expanded update. So to find (M+,M“) we use this simplified IC in the 
place of <P. Our new idea is to provide a more powerful operator Pmax which 
gives the maximal update expansion and IC simplification implied by and A. 
To arrive at its definition we modify the concepts of [8]. 

We start by the following factorization of the space IC x UP. 
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Definition 4 The pairs {<T, A), {(!>', A') G IC x UP are update-equivalent fno- 
tation: {^,A) =„ {'T',A')) if Acc{'P,A) = Acc{'P' , A'). We set Equ{<T,A) = 
{(<?', I (<?>', Zi') =„ (<Z>,Zi)}. 

The orders C on UP and ^ on IC induce the following natural partial order on 

IC X UP : 

, zli ) A (^2 1 A 2 ') iff Ai C A 2 and ^2 A ■ 

This order has evident computational sense: expansions of updates narrow the 
search space of standard algorithms D.search and Dp.search, and simplifica- 
tions of IC at least simplify model checking. 

The general definition of expansion operators is as follows. 

Definition 5 An operator T : IC x UP ^ IC x UP is an update expansion 
operator if 

• (^, A) =„ r{<P,A) and 

• \t>,A) Ar{T>,A) 

for all compatible G IC and A G UP. 

Quite evidently, the set of update expansion operators is closed under composi- 
tion. 

We are interested in expansion operators which provide the best expansion 
independent of the initial DB state. As it concerns updates, such a best ex- 
pansion always exists. Indeed, let us remark that {d>, {D^ U D 2 ,Df U Df)) G 
Equ{'P, A) for any (^ 1 , , Df)), (^ 2 , e Equ{<P, A). So the follow- 

ing proposition is true. 

Lemma 1 (For interpretations of both kinds) 

1) Equ{<P,A) contains pairs with the greatest update A((^^ = 

where I G Equ{^,A)} and = UlA*" I 

(<?', (U'+, D-)) GEqu{F,A)}. 

2) D+,,C n {/ I / eAcc(<l>,A)}. 

3) D-,, n U U \lGAcc{<P,A)} = a). 

As it concerns IC simplification, it is possible that two or more minimal equiva- 
lent programs are ^-incomparable. 

Example 3 Let <Li = {ri : a ^ b; T 2 : 6 ^ a; ra : c <— a} <^2 = {?’iU 2 } U {rg : 
c ^ b} and A = ({d}, 0). Then Equ{<Pi, A)} includes two incomparable maximal 
pairs: (({d},0),^i) and (({d}, 0), ^ 2 )- 

So we propose the following definition. 

Definition 6 An expansion operator T is optimal if for all compatible <P and A 
. T{F,ArP = Al,^ and 

• (!)'< T{<P, Ay^ for no F' such that (4>', A') G Equ{<!>, A) for some A'. 

The update expansion operators in [8] propagate into <P the initial update A = 
{D^ ,D~) and so define the set of literals I which it requires {A ^ 1), and those 
to which it contradicts (A ^ 1). Table 1 below describes the primary relations 
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1= and between A and ground literals a, G and a, G D~ in the case 
of partial interpretations. Table 2 describes these relations for total DB states 
and for ground atoms a G and a G D~ . These relations can be extended to 
conjunctions of ground literals h, Ik G BL : A\= li, Ik if Vj {A ^ Ij), and 
A ^ ^ 1 , Ik if {A Ij). In particular, A\=%, and Z\ ^ 0 is not true. 

Table 1. Relations A \= I and A ^ I for partial DB states. 



G 


D+ 


D~ 


a 


Z\ 1= a, A ^ 


AY^ a 


~^a 


A \= ^a, A ^ a 


A ^a 



Table 2. Relations A [= I and A ^ I for total DB states. 



G 


D+ 


D- 


a 


Z\ 1= a, A ^ 


A \= ^a, A ^ a 



These definitions allow to carry over the validity of literals from updates to 
the DB states in which the updates are accomplished. Namely, an update A 
being accomplished in an DB state I, 

(1) if Z\ 1= li , ..., Ik then / |= ^i, ...Ik and if ^ h , ..., h then ~^{I ^ li, ...Ik), 

(2) if / ^ li,...lk then it is not the case that Z\ ^ l\,...,lk. 

Both relations |= and ^ are monotone with respect to updates. 

The simplification order on programs we use conforms with the following 
residue operator simplifying logic programs via updates. 

Definition 7 The residue of <P G IC with respect to A is defined as: 
res{T>, A) = {I ^ a \ 3r G (header) = I & ^(Z\ [= 1) ^(Z\ ^ hodyfr)) & a C 

body{r) & body{r) \ a = max{f3 C body{r) \ A |= /?})}. 

The effect of the residue operator is different in total and partial interpretations. 
However, in both cases it is correct with respect to Acc{<P,A), confluent with 
respect to updates, and computable in linear time. 

The particular update expansion operators we propose in this paper gener- 
alize those in [8]. They also propagate the relations A ^ I and Z\ ^ I into the 
clauses of <P in opposite directions: from bodies to heads and back. 

The case of partial DBs 

Forward operator F on G IC and A = {D^ ,D~) G UP : 

F(<P,A)+ = D+ U {l\3rG<F{l = head{r) k A^ body{r))} 

F{^,A)~ = D~ U{^.1\ I G F{F,A)+}. 

Backward operator R on G IC and A = {D~^, D~) G UP : 

B{T>,A)+ = D+ 

B{<P,A)~ = D~ U {I I U {1}) does not agree with A}. 
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The case of total DBs 

Forward operator F on F £ IC and A = {D^ ,D~) € UP : 

F(d>, Z\)+ = U+ U {o G B I 3r G ^ (a = head{r) & Z\ |= body{r))} 

F{<1>,A)~ = D~ U {a G B I 3r G ^ (^o = head{r) & Z\ |= body{r))}. 

Backward operator S on G IC and A = (U+, D~) G UP : 

Z\)+ = -D+ U {a G B I U ^.D~ U {^a}) does not agree with 

Zi} 4. 

b[<P,A)~ = D~ U {o G B I U ^.D~ U {a}) does not agree with 



It is clear that both operators F and B are monotone with respect to the 
order on UP. They are also invariant with respect to the residue operator res 
and do not change models in Acc{(P, A). 

We now use these operators to define the forward and backward update ex- 
pansions. 

Forward update expansion F f : 



The operators F, B, and res we have introduced, have good properties which 
guarantee the existence of limits for the directed sets of their iterations, and that 
the operators Ff and Ft are update expansion operators (see [8]). Meanwhile, 
their properties in partial and in total interpretations are very different. 



jj{<P,A) = i<P,A) 

■yf{^,A) = (res{^,A), 

F{res{F, A), A)) 
j^+\<l>,A) =7/(77(<Z>,Z\)) 
Ff{F,A) = lim 7?(^,Z\). 

n— ^oo 



Backward update expansion : 



j°,{<P,A) = {<P,A) 

■jb{^,A) = (res{<P,A), 

B{res{<F, A), Z\)) 

7n+l(^^^) 

Fb{F,A) = lim 7?(‘Z',^)- 

n— ^oo 



6 Optimal Update Expansion in Partial Databases 

The composition of operators {Ff o Fb) is again an expansion operator. One 
can consider the powers of this composition of the form {Ff o Fb)"^ , n > 1. 
It is surprising that in partial and in total DBs these operators have different 
properties. In [8] we show that for total DBs these powers can form a proper 
hierarchy. The expansion operator Fum mentioned in Section 5 is the limit of 
this power hierarchy: Fum = {Ff o Fb)^ . In partial DBs the powers hierarchy 
degenerates. 

Theorem 3 In the case of partial DBs {Ff o Fb)"' = Ff o Fb for all n> 1. 

In order to reach the optimal expansion we introduce the following nondeter- 
ministic refinement operator on ICs. 

^ We remind that MJP*" is syntactic, i.e. is understood as in partial interpretations. 
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Definition 8 Let <P G IC and A = G UP. The refinement of by 

A is a maximal program = ref{<P, A) A in which every clause r meets the 
conditions: 

(a) if headfr) agrees with A, then M^’‘”‘{body{r)) agrees with A; 

(b) r gT>' is independent of <P' \ {r} (i.e. head{r) ^ M^™^^y{body{r))); 

(c) bodyir) \ ^ 0 for any a C bodyfr). 

The refinement operator is correct, i.e. Acc{ref{<P, A), A) = Acc{<P,A), and is 
computable in square time. Together with the limit expansion operator it gives 
the needed optimal expansion. 

Theorem 4 Let Tmax be the operator on IC x UP defined by the equalities: 

(i) r^ax{<T, Z\)“P = Tf o n(4>, Z\)“P, 

(ii) rmax{<T, Af^ = refiTf o n(<l>, Z\)-, Tf o n(4>, Z\)“p). 

Then: 

1 ) Tmax is an optimal update expansion operator. 

2) Tmax is computable in square time. 

7 Optimal Update Expansion in Total Databases 

Unfortunately, in the case of total DBs the update is rather complex. 

Theorem 5 For total DBs the set {{F, A, a) | a € is co-N P -complete. 

The composition of the limit operator (// o Fif)^ and of the refinement operator 
ref is computed in square time, but it does not give the optimal expansion 
in general. It can serve as a more or less good approximation to the optimal 
expansion operator. Nevertheless, there is an interesting subclass of total DBs 
for which the optimal expansion operator is computable in polynomial time. It is 
the class of DBs with ICs whose clauses have positive bodies: — {<L G IC | 

(Vr G F){ bodyfr) C B)}. For this class there exists a close relationship between 
maximal elements of Equ{d>, A) in total interpretations and those in partial 
ones 

Theorem 6 Let a total update A = be compatible with an LC <L> G 

ICP*". Then 

(1) if A^^^ is the maximal update in EquP{<P, A), then A*^^^ = n 

B, Dp n B) is the maximal update in Equ*(T>, A); 

(2) if Al^^^ is the maximal update in Equ*{'P, A), then Ap = {Di^ U{^a|3r G 

(head{r) = & body{r) C Df )},^.Df U Df) is the maximal update in 

EquP{F, A). 

We should amend the definition of partial refinement because it does not give 
the t-simplest IC, as the following example shows. 

® In order to distinguish notation in partial and total interpretations we will use in 
this section upper indices p and t respectively. Considering updates A = 
with U C B in the context of partial DBs we will call them total. 
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Example 4 Let = {^o ^ b,c] c ^ a} and <?2 = ^ b] c <— o}. Clearly, 

L >2 -< d>i. For A = (0,0) the partial DB state {6} belongs to Acd’{<Pi, A) \ 
AccP{< 1>2, A). However, AcC{L>i, A) = AcC{d> 2 , A) = {0, {6}, {c}, {o, c}, {b, c}}. 



Definition 9 Let <P G and A = {D^,D~) G UP. The t-refinement of <L 

by A is a maximal program T>' = re/* {F, A) A in which every clause r meets 
the conditions (a)-(c) of definition 8 and also the conditions: 

(d) if headfr) is a negative literal, then M^™{body(r) U ~^.head{r)) agrees 
with A; 

(e) if head{r) is a negative literal, then body{r) \ U ^.head{r)) 0 

for any a C body{r). 

This nondeterministic operator is correct with respect to AcC {<P, A) for ICs 
in ICPb 

and computable in square time. Being combined with partial limit 
expansion operator it gives the optimal expansion. 

Theorem 7 Let FL„^ be the operator on ICP*" X UP defined by the equalities: 
(i) A)+ = ^.{Ff o Ft{<P, A)-) n B, 

(^^) A)- =FfO F,{d>, A)- 

(in) Afi- = refiFf o Afifi Fj o F,{F, Z1)“p). 

Then: 

1 ) /((jaa; Optimal Update expansion operator for total DBs with LCs in 

ICP*^. 

2) Tmaa; is computable in square time. 

Restricting ourself to ICs in ICP*^ we find a simple relation between the solutions 
of the EUP in partial and total DBs. 

Theorem 8 Let a total update A = (U+, D~) he compatible with LC T> G ICP*^ 
and / C B &e o DB state. Then: 

(1) if a partial DB state L\ G Acd’{d>, A) is minimally deviating from L with 
respect to Acc^{'L>,A), then the total DB state L)' belongs to Aaf{d>,A) and is 
minimally deviating from L with respect to AcCfiP, A); 

(2) if a total DB state L\ G Acc^{<P,A) is minimally deviating from L with 
respect to AcC{<F, A), then the partial DB state L[ = /iU{^a | 3r G ^ {headfr) = 
& body(r) C Li\ belongs to AccP{<P, A) and is minimally deviating from L 
with respect to AccP{<F,A). 



Example 5 Consider the following LC T> G ICP*^.- 

ri : salary{100) ^ dept{cs),pos{programmer); 

i "2 ■ ^pos{programmer) ^ dept(cs), salary (30), edu{high); 

T 3 : ~^salary{30) ^ salary{100); 

V 4 : ^dept(cs) ^ edu{low); 

rs : edu(high) ^ posfprogrammer). 

Clearly, L = {salary (30), pos{programmer),edu{high)} is a partial as well as a 
total model ofd>. Suppose we add a new fact to this DB state: = {dept{cs)}. 
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There are two ways to treat this update. We can consider it partial. Then the 
operator T^ax returns <Ti : 

r[ : salary{100) ^ pos{programmer); 

r '2 : -^pos{programmer) ^ salary{30), edu{high); 

T 3 : ~^salary{30) ^ salary{100); 

T 5 : edu(high) ^ pos{programmer). 

and = {dept{cs)}, D~ = {^dept{cs) , edu{low)} . Applied to this expansion, 
Dp.search gives the DB state I\ = {salary (100), pos{programmer), edu{high), 
dept{cs), ~^salary{30)} minimally deviating from I with respect to Acd’{<T,A). 
By theorem 8 it is transformed into the total DB state: = {salory(lOO), 

pos{programmer) , edu{high), dept{cs){ minimally deviating from I with respect 
to Acc*{T', A). 

We can also consider this update total. Then the operator returns a 

slightly simpler IC : 

r{ : salary{100) ^ pos{programmer); 
r'f : -^pos{programmer) <— salary{30); 

T 3 : ~^salary{30) ^ salary{100); 
rs : edu(high) ^ pos{programmer). 

and Df = {dept{cs){, Df = {edu(low)}. The resulting total DB state It = 
{dept{cs), edu(high), salary (100), pos{programmer)} minimally deviating from 
I is the same as above, r'f results from T 2 by point (e) of the definition of ref* 
because edu(high) G M™”(^./iea(i(r 2 )) = {pos{programmer)) . 

8 Conclusion 

The problem of computing the minimal real change restoring the correctness of 
an updated DB state, is proven to be hard. We subdivide this problem into two 
parts: 

- first part is to maximally expand the update, taking into account all its 
consequences with respect to IC, and simultaneously to maximally simplify the 
IC itself with respect to this expansion; 

- second part is to find the minimal real change of a given DB state. 

The first part does not depend on the initial DB state, so it should be in- 
cluded in any DB update procedure. We show that in partial DBs this part is 
computable in square time. In classical DBs this problem is itself quite hard. So 
we propose its reasonable approximation computed in square time. Moreover, we 
show that for ICs with positive clause bodies the maximal expansion is computed 
in square time for classical DBs. As it concerns the second part, even standard 
complete choice procedures solving this part of the update problem can be sub- 
stantially simplified, being applied to the expanded update and the simplified 
IC in the place of the initial ones (cf. the dynamic optimization method in [8]). 
Moreover, this techniques may lead to efficient interactive update algorithms, 
where the maximal expanded update is accomplished in current DB state, then 
conflicts are proposed to resolve, which leads to a new update, etc. 
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Abstract. Suppose that the entries of a relational database are collected 
in an unreliable way, that is the actual database may differ from the true 
database in at most one data of each individual. An error-correcting key 
is such a set of attributes, that the knowledge of the actual data of an 
individual in this set of attributes uniquely determines the individual. It 
is showed that if the minimal keys are of size at most k, then the smallest 
sizes of the minimal error-correcting keys can be ck^ and this is the best 
possible, all minimal error-correcting keys have size at most 3fc®. 



1 Introduction 

A database can be considered as an m x n matrix M, where the rows are the 
data of one individual, the data of the same sort (attributes) are in the same 
column. Denote the set of attributes (equivalently, the set of columns of the 
matrix) by 17, its size is |17| = n. It will be supposed that the data of two 
distinct individuals are different, that is, the rows of the matrix are different. 
We write A — > 6, A C 17, 6 G 17 if the matrix contains no two row identical in 
the columns belonging to A and different in b, that is, if the data in A uniquely 
determine the data in 6. A —> 6 is called a functional dependency. A subset K of 
17 is called a key if A — > 5 holds for all b G f2, that is, if the data in K determine 
the individual (row) uniquely. In other words, there are no two distinct rows of 
the matrix which are equal in AT. A key is a minimal key if its no proper subset 
is a key. Denote the family of all minimal keys by 1C. 

Suppose that the data are collected in a non-reliable way, for instance the 
data come through a noisy channel, or simply the input is handled with typos. 
One might have complicated probabilistic assumption on the occurance of the 
errors, but these assumptions are difficult to use. We simply suppose that the 
probability of an error is so small, that at most e of the data of each individual 
can be incorrect. 

* The work of the second and third authors was supported by the Hungarian National 
Foundation for Scientific Research grant numbers T029255 



K.-D. Schewe, B. Thalheim (Eds.): FoIKS 2000, LNCS 1762, pp. 88—93, 2000. 
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Consider the situation of data mining. Then a large set of data is given 
and rules, connections (dependencies) are sought among the data. The most 
important case is when we are looking for functional dependencies. They are 
useful only when |^| is small, on the other hand, finding functional dependencies 
with large \A\ has computational obstacles, too. The errors make the recognition 
of functional dependencies harder. The aim of the paper is to give some insight 
into these difficulties. 

We consider here only the special case when keys are sought in the database. 
If iC is a key, it may seem not to be a key since certain row equal in K might 
differ at an erroneous entry. If all these attributes are added to K then these 
two row do not serve as a counter-example, but there might exist other pairs of 
rows with this property. Can we find a, K G K' which behaves as a key for the 
database with errors? How large they can be? Suppose that the “real keys” have 
size at most k. How large these new “keys” K' can be? Our main theorem will 
answer this question. 

First we will formalize the questions asked above. Let M denote the matrix 
of the real data and M* {m x n, again) the collected ones. We know that M 
and M* differ in at most e entries in each row. Although it is here also supposed 
that the real data of two distinct individuals are different, that is the rows of 
M are different, this cannot be stated about M* . Moreover a key K cannot 
determine the row if the entries of the unreliable matrix M* are given in the 
columns belonging to K. In the present paper we will investigate such sets of 
attributes (columns) which uniquely determine the individual from M* . We say 
that C is an e- error- correcting key if it has this property, that is, knowing the 
entries of M* in the columns belonging to C, the individual (and its row in M) 
can be uniquely determined. 

The number of different entries in two rows is called the Hamming distance 
of these two rows. The m x \C\ submatrix of M determined by the set C of its 
columns is denoted by M{C). If the Hamming distance of any two rows of M{C) 
is at least 2e -I- 1 then the Hamming distance of any two rows of M*{C) is at 
least 1, that is, knowing the entries of the unreliable matrix in C it determines 
the row uniquely, C is an e-error correcting key. The converse is true, too: if 
the Hamming distance of two rows of M{C) is at most 2e then it may happen 
that the rows are equal in M*{C), that is, C is not an e-error-correcting key. 
We obtained the following proposition. 

Proposition 1.1. C G fi is an e- error- correcting key iff the pairwise Hamming 
distance of the rows of M{C) is at least 2e -I- 1. □ 

2 Error Correcting Keys 

It is easy to see that if the pairwise Hamming distance of the rows of M{C) is at 
least 2e then the knowledge of M* (C) detects the error, but does not determine 
the row uniqely. This case is less interesting, but it makes worth introducing 
the more general definition: C C 17 is called a d-distance key iff the pairwise 
Hamming distance of the rows of M (C) is at least d. 
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The main aim of the present investigations is to find connections between 
the family of keys and the family of d-distance keys. The next proposition is the 
first step along this line. 

Proposition 2.1. C C fi is a d-distance key iff for any choice oi, . . . , Ud-i G C 
one can find a K € IC such that K C C — {oi, . . . , ad-i\- 

Proof. The necessity will be proved in an indirect way. Suppose that there exist 
ai, . . . , Ud-i G f? such that C — {ai, . . . , ad-i\ contains no member of /C, that 
is, C — {oi, . . . , Od-i} is not a key. Therefore there are two distinct rows of M 
which are equal in M{C — {ai, . . . , Od-i}). The Hamming distance of these two 
rows in M{C) is less than d. This contradiction completes this part of the proof. 

To prove the sufficiency suppose, again in an indirect way, that M(C) con- 
tains two distinct rows with Hamming distance < d. Delete those columns where 
these columns are different. We found a set C — {ai, . . . , Od-i} satisfying the con- 
dition that M(C — {ai, . . . ,ad_i}) contains two distinct rows which are equal 
everywhere, therefore C — {oi, . . . , ad-i} is not a key in M, it cannot contain a 
member of /C. □ 



It is easy to see that the family K, of minimal keys is non-empty and inclusion- 
free, that is, Ki,K 2 G K.,Ki ^ implies Kx K 2 - On the other hand, it is 
known ([1], [2]) that there is a database for any non-empty inclusion-free family 
/C in which this is the family of all minimal keys. This is why it is sufficient 
to give a non-empty inclusion-free family rather than constructing the complete 
database or matrix. Note that, by Proposition 1.2, /C and d determine Cd — 
where Cd denotes the family of all minimal d-distance keys — , therefore the 
notation Cd(/C) will be used, if it is necessary to emphasize that Cd is generated 
by K.. 

Our first observation is that it may happen that there is no d-distance key 
at all. Fix an element a G 17 (that is, a column) and an integer 2 < k. Define 
JC as the family of all ^-element sets (c 17) containing a. Then C — {a} cannot 
contain any key, so the condition of Proposition 2 does not hold for any C if 
2 < d: there is no d-distance key in this database for 2 < d. 

On the other hand, if 1C consists of all /c-element subsets of 17 then all sets 
C with at least A: -I- d — 1 elements are d-distance keys. In the case when there 
are d-distance keys, it is enough to consider the minimal ones. Our last example 
suggests that the sizes of the members of Cd do not exceed the sizes of the 
members of 1C by too much. We will show that this is not really true. 

Now we introduce some notations. Let (^^,) denote the family of all subsets 
of 17 with size not exceeding k. Furthermore 

/i(/C,d)=min{|C|:CGCd(/C)}, 

/ 2 (/C,d)=max{|C|:CGCd(/C)}, 

fifn,k,d)= max /i(/C,d). 

'Cc(<^,) 

We will prove the following theorem in Section 2. 
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Theorem 2.1. 



cik"^ < fi{n, k, d) < f 2 {n, k, d) < C 2 k‘^ 



holds for no{k,d) < n where c\ and C 2 depend only on d. 

Section 3 contains suggestions how to continue this research. 

3 The Proof 

Let /C be a family of subsets of fl. We say that the elements ai, . . . Od-i G 17 
represent K, if each K G 1C contains one of the as. Proposition 1.2 can be said in 
the form that C C 17 is a d-distance key iff no d — 1 elements can represent the 
family {K : K G 1C, K C C}. If C is minimal with respect to this property then 
no proper subset of C has the above property, that is, for all a € C the family 
{K : K G JC,K <Z C — {a}} can be represented by d — 1 elements. This gives a 
new variant of Proposition 1.2: 

Proposition 3.1. C G Cd iff {K : K G JC,K G C} cannot be represented by 
d — 1 elements, but it can be represented by d elements a,ai, . . . , Ud-i where a 
can be given arbitrarily in C, in advance. 

□ 

Lower estimate. We give a non-empty, inclusion-free family 1C consisting 
of Ic-element sets which generates a Cd consisting of one member having size at 
least ck'^. 

Fix an integer 1 < z and take a subset A C 17 of size z -I- d — 1. Let Tli, ^ 2 , ■ • ■ 
be all the z-element subsets of A and 

/C(z) = {Ai U Bi, A 2 U B 2 , ■ . ■} , 

where A, Bi,B 2 , ■ ■ ■ are pairwise disjoint and |i?i| = |i? 2 | 
be carried out if 

7 1 f i ~\~ d — l\/, 

z-l-d— l-|-( . j(fc — z)<n 

Show that the only member of Cd{IC{i)) is C = ^ U CiBi. It is easy to see that 
/C(z) cannot be represented by d — 1 elements. On the other hand, if a S Bj for 
some j then the d-element {a} U (^ — Aj) represents 1C. If, however, a G A then 
any d-element D G A containing a represents K., therefore C is really a member 
of Cd{IC{i)). It is easy to see that there is no other member. 

Choose i = - Then the size of C, given by the left hand side of 

(2.1) asymptotically becomes 



= ■ ■ ■ = k — i. This can 
(2.1) 



d^(d-l)! ■ 



□ 
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Upper estimate. Let C G Cd{IC) where 1C C We will prove that 

\C\< dk'^. Since we have to consider only the subsets of C, so it can be supposed 
that all members of 1C are subsets of C. 

Proposition 2.1 defines d-element subsets D of C each of them is representing 
1C. Moreover, still by Proposition 2.1, their union is C. Denote this family by T>. 
We know 

Uice/c = Cloev = C, (2.2) 

for all DgV,K € 1C (2.3) 

and K, cannot be represented by a set with less than d element. 

Let I C C. Define the /-degree of T> as the number of members of T> con- 
taining I, that is, 

degi(V) = \{DGV: I C D}\. 



Lemma 3.1. 

degj{V) < 

Proof. We use induction on j = d — |/|. Suppose that j = d — \I\ = 1, that 
is, |/| = c? — 1. If all members of K. meet I then 1C can be represented by / — 1 
elements, a contradiction. Therefore there is a, K G K. which is disjoint to I. 
By (2.3) all the sets D satisfying I C D must intersect this K, therefore their 
number is < \K\ < k. This case is settled. 

Now suppose that the statement is true for j = c? — |/| > 1 and prove it for 
j+1 = d—\I\. Let |/*| = d—j — 1. There must exist a K G IC,KnI* = 0 otherwise 
K. is represented by less than d elements, a contradiction. Let K = {x \, . . . , x/} 
where I < k. By (2.3) we have 

{DgV: I* cD} = GV: (J* U {xJ) C D}. (2.4) 

The sizes of the sets on the right hand side are degJ.,^J^^.y{'D) which are at most 
k'^-f by the induction hypothesis. Using (2.4) 

degj, (V) < Ik'^-^ < 

is obtained, proving the lemma. □ 

Finally, consider any K = {yi, . . . , j/^} G Af where r < /. By (2.3), the 
families {D gT> ■. yt G D} cover T>. Apply the lemma for I = {yi}'. 

{DGV-.y,GD}< k’^~^ . 



This implies \V\ < k'^ and 



I Ud6I5 D\ < \V\d < dk'^. 
Application of (2.2) completes the proof: \C\ < dk’^. 



□ 
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Let us emphasize the simplest case when the probability of an incorrect data 
is so small that practically at most one data of an individual can be incorrect. 
In this case e = 1, d = 3, therefore, if the minimal keys have at most k elements, 
then the 1-error-correcting keys have at most elements, and this is sharp up 
to a constant factor. So even in this simple case, the error-correcting keys may 
be much larger then the keys. 

4 Further Problems 

1. Although Theorem 2.1 determines the order of magnitude of fi(n,k,d), 
it does give the exact value. We believe that the lower estimate is sharp. 

Conjecture 4.1 



fi{n,k,d) = maxjt -|- d — 1 -I- 

i 






(fc-z)}. 



holds for no{k,d) < n. 

2. Knowing 1C, can we effectively compute Cd (for a given d)? If k is fixed, 
then Theorem 1.3 shows that the problem can be decided in polynomial time. If 
the size of K, is exponential, then this is trivial. We cannot answer the question, 
e.g. when K, consist polynomially many sets with unbounded sizes. 

3. It is very easy to characterize the families which can be the family of 
minimal keys of a database. Can it be done for C^? 

4. The investigations of the paper should be extended for the dependency 
structure of the databases. 

5. The questions analogous to the results of the present paper can be asked 
for any other database model, replacing the relational one. 

6. The following problem sounds similar to the problem treated here, but it is 
actually very different. Suppose that the data go through a noisy channel, where 
each data can be distorted with a small probability. Try to add new attributes 
to make the effective keys for the transmitted database small. 
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Abstract. We present a probabilistic data model for complex values. 
More precisely, we introduce probabilistic complex value relations, which 
combine the concept of probabilistic relations with the idea of complex 
values in a uniform framework. We then define an algebra for querying 
database instances, which comprises the operations of selection, projec- 
tion, renaming, join, Cartesian product, union, intersection, and differ- 
ence. We finally show that most of the query equivalences of classical 
relational algebra carry over to our algebra on probabilistic complex val- 
ue relations. Hence, query optimization techniques for classical relational 
algebra can easily be applied to optimize queries on probabilistic complex 
value relations. 



1 Introduction 

Databases are a central component of many business and information systems. 
During the past two decades, relational database systems have replaced earlier 
systems and have become a standard for data management. Various needs in 
practice, however, cannot be appropriately managed with current commercial 
database systems, which are largely based on the plain relational data model. 

An important such need is the integration of models of uncertainty into 
databases. Applications that involve uncertainty abound. Research on this issue 
can be divided into four categories [5]: (1) handling null values, (2) retrieval of 
incomplete data, (3) management of vague data (for example, “John is tall”) in 
fuzzy set approaches, and (4) management of ambiguous or imprecise data (for 
example, “John’s salary is between 50K and 70K”) in probabilistic approaches. 
Another important issue is the management of structured objects. The relational 
model has been early generalized for storing structured objects [16], which was 
a step towards object-oriented database systems (see [1] for a background on 
complex values and a historic account). 
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In many applications, especially in the business domain, uncertainty stem- 
s from ambiguity rather than from vagueness. Several models for incorporat- 
ing ambiguity into the relational model have thus been proposed so far (e.g., 
[4,2,5,12,8]; see Section 7 for a discussion of these and further approaches). Infor- 
mally, they attach a probability to each tuple and/or to each value in a set of pos- 
sible values of an imprecise attribute of a tuple. The operations of relational alge- 
bra are then generalized to combine these probabilities in a suitable way, adopt- 
ing some underlying assumptions (like independence or disjointness of events). 

In this paper, we extend this line of research to databases storing structured 
objects. In detail, we present a probabilistic data model for complex values. To 
our knowledge, there is not much work in this direction so far. A probabilistic 
version of NF2 relations has been presented in [7] (building on earlier work [8] and 
making some limiting assumptions; see Section 7 for a comparison to our work). 

Our model generalizes a similar model of annotated tuples [12] to complex 
values [1]. Informally, every complex value v is associated with a probability 
interval [l,u] and an event e, forming a quadruple (v,l,u,e). The interval [Z,m] 
represents the likelihood that v belongs to the database, and e records informa- 
tion about how this value was derived. Note that interval probabilities provide 
a greater flexibility than point probabilities, and seem better suited especially 
to represent imprecise and subjective probabilistic knowledge. Moreover, we use 
intervals also for technical reasons (under the assumed probabilistic knowledge, 
even when using only point probabilities, we generally specify a set of probabil- 
ity distributions, rather than a unique single distribution). The following is an 
example of a relation containing probabilistic complex values: 



V 


1 


u 


e 


patient 


diseases 


0.7 


0.9 


Cl V 62 


John 


{lung cancer, tuberculosis} 


patient 


diseases 


0.5 


0.7 


es 


Jack 


{leprosy} 



Observe that in the above model, probabilities are assigned to a complex 
value as a whole, and no impreciseness in attributes, given by sets of values with 
probabilities attached, can be explicitly expressed in the language. It has been 
shown in [12] that each tuple with imprecise attribute values can be represented 
by an annotated tuple, and that such a representation can be efficiently com- 
puted. Applying similar techniques, complex values with imprecise attributes 
may be represented by probabilistic complex values as above. To keep our model 
simple, we do not consider imprecise attributes here. 

On top of our model, we define a relational algebra that uses, following [12], 
generic functions O, 0, © for computing the probability range of the conjunction, 
disjunction, and difference of two events Ci and C2 from the probability ranges 
[^i,Mi] and [l 2 ,U 2 ] of Ci and 62, respectively. Instances of these functions are 
selected according to the relationship between ci and 62 - For example, if Ci and 
62 are independent, then the probability range of ci AC2 is given by [h-h, ui -^2]. 
However, if nothing is known about how ei and 62 relate, then it is given by 
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[max(0,^i + I 2 — 1), min(ui, ^2)]. Such generic functions allow us to remove the 
explicit or implicit assumptions about joint occurrence of tuples and/or attribute 
values in relations that are present in other approaches (see [4,2,5,8]). 

We further refine [12] by giving a model-theoretic definition of probabilistic 
combination strategies, which assumes a probabilistic semantics in which prob- 
ability distributions are defined over a set of possible worlds. Furthermore, we 
propose probabilistic difference strategies that are not necessarily derived from 
conjunction strategies and negation. We show that these refinements lead to 
more precise results in certain cases (see Example 2.8). 

The main contributions of this work can be briefly summarized as follows: 

• We give a model-theoretic definition of probabilistic conjunction, disjunction, 
and difference strategies, which is based on a possible worlds semantics. 

• We present a data model that is based on probabilistic complex value rela- 
tions, which generalizes previous data models in the literature [12,1]. 

• We define an algebra for querying database instances. 

• We present equivalence results for query expressions, which can be used 
for query optimization. Since our model generalizes the one in [12], these 
results also apply to [12] as a special case. Note that the results on query 
equivalences in [12] are limited to the relationship between compaction and 
the standard relational algebra operators. 

The rest of this paper is organized as follows. Section 2 gives some preliminar- 
ies. Sections 3 and 4 define the data model and the algebra. In Sections 5 and 6, 
we focus on query equivalences and optimization. Section 7 discusses related 
work, and Section 8 gives a short summary and an outlook on future research. 

Note that for space limitations, proofs of the results are omitted (detailed 
proofs of the results are essentially given in [18]). 

2 Probabilistic Background 

In this section, we describe the probabilistic background of our approach to prob- 
abilistic complex value databases. We assume a semantics in which probabilities 
are defined over a set of possible worlds (see especially [3,9,17,10]). Note that we 
adopt some technical notions from [13,14]. 

The main aim of this section is to give a model-theoretic definition of prob- 
abilistic conjunction, disjunction, and difference strategies, which have been in- 
troduced by an axiomatic characterization in [12]. Given the probability ranges 
of two events e\ and 62, these strategies compute the probability range of the 
events ci V 62, ei A 62, and e\ A ->62, respectively. We allow a variety of differ- 
ent probabilistic conjunction, disjunction, and difference strategies to take into 
account the different dependencies between the two events e\ and e^- 

We assume a set of basic events B — {61, 62, ■ • ■ , &«} with n > 1. The set of 
events is the closure of B under the Boolean operations ^ and A . As usual, we use 
(ei Ve2) to abbreviate ^(->ei A->e2). We use T and T to abbreviate the false event 
(biA^bi) and the true event ^(6iA^6i), respectively. A probabilistic pair (e, [I, m]) 
consists of an event e and an interval [l,u] C [0, 1], where I and u are rational 
numbers. We use _L and T to abbreviate (T, [0, 0]) and (T, [1, 1]), respectively. 
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Informally, each tuple t in our probabilistic complex value database will be 
associated with a probabilistic pair (e,[l,u\). Intuitively, this means that t is 
identified with e and that the probability of t lies in the interval range [l,u\. 
More precisely, each tuple in a base relation will be assigned a probabilistic pair 
(e, [^,u]) with a basic event e. Moreover, each derived tuple t will be assigned a 
general probabilistic pair (e, [l,u]), where e encodes some information on how t 
is computed from tuples in the base relations. 

An implication (resp., negative correlation, positive correlation, independence) 
formula is an expression a ^ b (resp., NC{a, b), PC {a, b), Ind{a, b)) with events a 
and b. A dependence information on two events a and 6 is a subset of KB* {a, b) = 
{Ind{a, b), NC{a, b), PC{a, 6), a — > 6, 6 — > a, a A 6 — > _L, T ^ a V 6}. 

Informally, to express that the probability of two events ei and C2 lies in the 
intervals [Zi,ui] and [^2,^2]) respectively, we will use the two probabilistic pairs 
(ei,[Zi,ui]) and (c2, [^2, M2]), respectively. The relationship between ci and 62 
will then be encoded by some dependence information KB C KB*{e\, 62). 

A classical interpretation / is a truth assignment to the basic events in B, 
which is extended to all events as usual (that is, (ei AC2) is true in / iff ci and 62 
are true in I, and is true in / iff e is not true in I). We write / ^ e iff e is 
true in I. We use Jg to denote the set of all classical interpretations on B. 

A probabilistic interpretation Pr is a mapping Pr\ 2 s [0, 1] such that all 
Pr{I) with I G 2 s sum up to 1. It is extended to all events e as follows: 

Pr{e) = J2ieii,,i^e Pr(I) . 

It is important to point out that probabilistic interpretations are defined on 
the set of all classical interpretations and not on the set of all basic events. 
That is, we do not assume that the basic events are pairwise mutually exclusive. 
Moreover, we do not assume that the basic events are pairwise independent. 

The truth of probabilistic pairs, implication formulas, negative correlation 
formulas, positive correlation formulas, and independence formulas T’ in a prob- 
abilistic interpretation Pr, denoted Pr |= F, is defined as follows: 



Pr 


h (e, [ 1 , 


r.]) 


iff 


Pr{e 


) G [^, m] , 


Pr \= a ^ 


b 


iff 


Pr{a 


A6) = 


Pr{a) , 


Pr 


h NC{a 


.b) 


iff 


Pr{a 


> 

J 


= min(Pr(a), Pr{~^b)) , 


Pr 


h PC{a 


,b) 


iff 


Pr{a 


A6) = 


min(Pr(a), Pr{b)) , 


Pr 


1= Ind{a 


,b) 


iff 


Pr{a 


A6) = 


Pr{a) ■ Pr{b) . 



A probabilistic interpretation Pr is a model of a formula f iff Pr |= F. 
Pr is a model of a set of formulas F, denoted Pr |= F, iff Pr is a model of all 
F G F . The set F is satisfiable iff a model of F exists. A formula P is a logical 
consequence of F, denoted IF |= P, iff each model of F is also a model of P. 

The next result shows that there are combinations of probabilistic pairs 
(ei,[Zi,uij) and (c2, [?2, M2])} with dependence information KB C KB* {01,02) 
that are unsatisfiable (note that this fact remains unmentioned in [12]). 

Lemma 2.1. Letp\ = {ei,[li,ui\) andp2 = {e2,[l2,U2]) be two probabilistic pairs 
and let KB be a dependence information on ei and 62 such that KB U {pi,P2} 
is satisfiable. Then, all the following conditions hold: 
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1. If KB 1= ei A 62 — > -L, then h + h < 1- 

2. If KB ^ 6i ^ 62, then h < ui. 

3. If KB \= C2 ^ Cl, then h < ui. 

4- If KB 1= T ^ 6i V 62, then ui + U2 > 1. 

Example 2.2. Let pi andp2 be given by {e, [.5, 1]) and (^6, [.6, 1]), respectively, 
and let KB = 0. Then, KB U {pi,P2} is not satisfiable, since KB |= e A ->e ^ T 
and 0.5 + 0.6 > 1 (intuitively, the lower bound 0.6 for the probability of ^e 
implies the upper bound 0.4 < 0.5 for the probability of e). 

We next define the notion of tight logical consequence for probabilistic pairs. 
A probabilistic pair (e, is a tight logical consequence of a satisfiable set 

of formulas iF, denoted T \=Hght (e, iff I and u are the infimum and 

supremum, respectively, of Pr{e) subject to all models Pr of T . 

We are now ready to define probabilistic conjunctions, disjunctions, and dif- 
ferences of probabilistic pairs. Let p\ = (ei, [?i, ui]) and p2 = (c2, [^2, M2]) be two 
probabilistic pairs and let KB C KB* {01,02) such that KB U {pi,_P2} is satisfi- 
able. The probabilistic conjunction, disjunction, and difference ofpi andp2 under 
KB, denoted pi® kb P2, Pi®kbP2, andpi©i6sp2, respectively, are defined as the 
probabilistic pairs (eiA62, (eiVe2, and (eiA-'e2, [?,«-]), respectively, 

where [I, u] such that (ei A 62, [I, uj), (ei V 62, [I, m]), and (ei A ^62, [I, uj), respec- 
tively, are tight logical consequences of KBLl{pi,p2} (note that the structure of 
KB ensures that both I and u are rational). 

Informally, to compute the probability range [l,u] of 6i A 62, ci V 62, or 
6i A-162 from the probability ranges [^i, mi] and [?2, M2] of ci and 62, respectively, 
we first collect all available dependence information KB C KB* {61,02) on 6i 
and 62. We then check whether KB U {(ei, [?i, ui]), (62, [I2, M2])} is satisfiable. If 
this is the case, it just remains to compute the unique tight logical consequences 
(eiA62, [I, m]), (eiV62, [I, m]), or (eiA-'e2, [I, m]) of KBij{{ei, [h,ui]), {02, [I2, M2])}- 
Both the satisfiability check and the computation of the tight logical consequence 
can effectively be done by using linear and nonlinear programming techniques. 

We next introduce the notions of probabilistic conjunction, disjunction, and 
difference strategies. Let us first give some motivating background. 

In query expressions of our algebra, each occurrence of a probabilistic com- 
bination operator stands for the probabilistic combination of several pairs of 
probabilistic pairs. Moreover, each such occurrence will be parameterized with a 
dependence information KBgt KB*{a,b), where a and b are two new distinct 
basic events. For example, ri u®*" ri will denote the union of two relations ri 
and 62 under the dependence information KBin = {Ind{a,b)}. This dependence 
information KBgt can now be used in the following ways: 

Dynamic Dependence: Given two probabilistic pairs pi = (ei,[^i,Mi]) and 
P2 = (c2, [^1, M2]), we compute pi ®kb P2, Pi ®kb P2, and pi Qkb P2, where 
KB is given by KBgt U {ei ^ o, a ^ 6i, 62 — > 6, 6 ^ 62}. 

Static Dependence: For any two probabilistic pairs pi = (ei, [^i, mi]) and p2 = 
(c2, [^i,M 2]), we compute p\ ®KB,t p'2, p'l ®KB,t p'2, and p[ QxB.t p'2, where 
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p[ = {a, [^i,Mi]) and p'2 = {b, [li,U2]), instead of pi ®kb P2, Pi ®kb P2, and 

Pi QkbP2, respectively (that is, we ignore the concrete events ci and 62). 

Dynamic Dependence has nice properties from the semantic point of view, 
since it exploits all the (locally) available dependence information. Static De- 
pendence, in contrast, implies nice computational properties. Firstly, the de- 
pendence information KBgt is in itself complete (that is, we do not have to 
compute any other relationships that are implicitly encoded in the structure of 
some concrete events ei and 62). Secondly, some specific dependence information 
KB St often implies nice algebraic properties of ®KB^t^ ®KB^ti OxB^ti which 
are known in advance, and can thus be exploited for query optimization. 

In the sequel, we implicitly assume Static Dependence (which can be seen 
as one of the main motivations behind probabilistic combination strategies). 

Let KB C KB*{a,h) be a dependence information on two distinct basic 
events a and b. The probabilistic conjunction (resp., disjunction, difference) s- 
trategy for KB is the unique function ® (resp., ©, 0) that associates any t- 
wo probabilistic pairs {ci,[li,ui]) and (c2, [^2, M2]), where KB U {(a, [?i, uij), 
(6, [?2,M2])} is satisfiable, with the probabilistic pair (a, [?i,ui]) ®kb {b, [^2, M2]) 
(resp., (a, [h,ui]) ®kb {b, [?2,M2]), (a, [^i,mi]) Qkb {b, [^2,M2])). 

Example 2.3. Let p\ = {ei,[li,ui\) and P2 = (c2, [^2, M2]) be two probabilistic 
pairs. The probabilistic conjunction, disjunction, and difference strategies for KB 
among 0, {Ind{a, b)}, {PC{a, b)}, {a — > 6}, and {a A 6 — > 0} (we refer to these 
cases by ignorance, independence, positive correlation, left implication, and mu- 
tual exclusion, respectively) are given in Table 1. Note that the probabilistic 
conjunction and disjunction strategies for ignorance, independence, positive cor- 
relation, and mutual exclusion are already known from [12]. 

We next focus on the properties of probabilistic combination strategies. Let 
us first introduce some necessary notations. 

For probabilistic pairs p= (e, [^, u]), we write t{p) to denote [l,u]. For intervals 
[ri, si], [r2, S2] C [0, 1], we write [ri, si] < [r2, S2] to denote r\ < V2 and si < S2. For 
probabilistic pairs pi and p2, we write pijfp2, Pi=P2, Pi^P2, and pi >P2 to 
denote t{pi) C 1(^2), i(pi) = i-{p2), t-{pi) < t-{p2), and t{pi) > i{p2), respectively. 

Let KB C KB* {a, b) with two distinct basic events a and b. The probabilistic 
conjunction (resp., disjunction) strategy 0 (resp., ©) for KB is commutative iff 
Pi®P2 = P2®Pi (resp., pi®p2 = P2 0Pi) for all probabilistic pairs pi andp2- It is 
associative iff (pi0p2)0P3 = Pi®{p2®Pz) (resp., {pi®P2)®Pz = Pi®{p2®Pz)) 
for all probabilistic pairs p\, p2, and p^. We say that 0 is distributive over © iff 
Pi 0 (P2 © Pa) = (pi 0 P2) © (pi 0 Ps) for all probabilistic pairs pi, p2, and p^. 

For associative probabilistic disjunction strategies © and probabilistic pairs 
Pi,P2, ■ ■■ ,Pk with fc > 1, we write 0ig[i.fe]Pi to denote pi © P2 © • • • © Pfe- 

Example 2.4. It can easily be verified that the probabilistic conjunction and 
disjunction strategies for ignorance, independence, positive correlation, and mu- 
tual exclusion are all commutative and associative. Moreover, for positive corre- 
lation, the conjunction strategy is distributive over the disjunction strategy. 
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Table 1. Examples of probabilistic combination strategies 



ignorance 


Pi ®ig P2 = (ei A 62, [max( 0 , h + h — 1), min(Mi, U2)]) 
Pi<SigP2 = (ei V 62, [max(li, 12), min(l. Ml 0 M2)]) 

Pi Qig P2 = (ei A -162, [max( 0 , h - M2), min(Mi, 1 - ^2)]) 


independence 


Pi ®in P2 = (ei A 62, [b • I2, Ml • U2]) 

Pi ©in P2 = (ei V 62, [b + I2 — ll ■ I2, Ml 0 M2 — Ml • M2]) 
Pi Bin P2 = (ei A -162, [b • (1 - M2), Ml • (1 - b)]) 


positive correlation 


PiBpcP2 = (61 A 62, [min(b, b), min(Mi, M2)]) 

PiBpcP2 = (61 V 62, [max(b, b), max(Mi, M2)]) 

Pi Qpc P2 = (61 A -162, [max( 0 , b - M2), max( 0 . Mi - b)]) 


left implication 


Pi®iiP2 = (ei A 62, [b, min(ui,M2)]) 

Pi©iiP2 = (ei V 62, [max(b, b). Ml]) 

Pi Qii P2 = (ei A -162, [max( 0 , b - M2), Mi - b]) 


mutual exclusion 


Pi ©me P 2 = (61 A 62, [0, 0]) 

Pi ©me P2 = (61 V 62, [min(l, b 0 b), min(l, mi 0 U2)]) 
Pi ©me P2 = (61 A -162, [b , min(Mi, 1 - b)]) 



Rather than defining probabilistic conjunction and disjunction strategies by 
a rigorous foundation on probability theory, the work in [12] gives a characteri- 
zation by the postulates Bottomline, Ignorance, Identity, Annihilator, 
Commutativity, Associativity, and Monotonicity (see [12] for details). 

Indeed, all probabilistic conjunction and disjunction strategies satisfy Igno- 
rance, (a slight variant of) Identity, and Annihilator. 

Lemma 2.5. Let KB C KB*{a,b) with two distinct basic events a and b. Let 0, 
0 , andQ be the probabilistic combination strategies for KB . Then, the conditions 
shown in Table 2 hold for all probabilistic pairs pi = {ei,[li,ui\) and p 2 = 
(e2, [^2,^2]) such that KB U {(a, [A,ui]), {b, [^2,^2])} is satisfiable. 

However, there are probabilistic conjunction and disjunction strategies 0 and 
0 that do not satisfy the postulate Bottomline, which says that pi 0 P2 < 
(eiAc2, [min(A, ^2), min(Mi, M2)]) andp\®p 2 > [cTJe^, [max(A, ^2), max(Mi, M2)]), 
respectively, for all probabilistic pairs pi = (ei,[?i,Mi]) andp 2 = (e 2 ,[? 2 ,M 2 ]) such 
that Pi 0 p 2 and Pi ®P 2 , respectively, are defined. 



Example 2.6. We show that the probabilistic conjunction and disjunction stra- 
tegies for left implication do not satisfy Bottomline. Let the two probabilistic 
pairs Pi and p 2 be given by (ei, [.2, .7]) and (e2, [.5, .8]), respectively. It can easily 
be verified that {b a, {a, [.2, .7]), {b, [.5, .8])} is satisfiable. Moreover, we get: 



Pi <^ii P2 = (ei A 62, [.5, .7]), but [min(A, ^2), min(Mi, M2)] = [.2, .7] , 
Pi ®ii P2 = (ei V 62, [.5, .7]), but [max(A, ^2), max(Mi, M2)] = [.5, .8] . 
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Table 2. Properties of probabilistic combination strategies 



Ignorance 


P 10 P 2 C Pi ®ig P 2 
Pi © P 2 C Pi ©ig P 2 
Pi © P 2 C Pi ©ig P 2 


Identity 


Pi ©p2 = P2, if [b,wi] = [1, 1], a A 6 ^ ^ KB, and a ^ b KB 

Pi ©p2 = pi, if [l2,U2] = [1, 1], a A 6 ^ ^ KB, and b ^ a KB 

Pi ©p2 = P2, if [b,wi] = [0,0], T —> a\/ b ^ KB, and b —> a ^ KB 

Pi ©P2 = Pi, if ]^2,W2] = [0,0], T —> a\/ b ^ KB, and a^b ^ KB 

Pi ©P2 = Pi, if [l2,U2] = [0,0], T —> a\/ b ^ KB, and a —> b ^ KB 


Annihilator 


Pi ©p 2 = ©, if [h,ui] = [0,0] or [^2,112] = [0,0] 

Pi ©P2 = T, if [b,wi] = [1, 1] or [^2,112] = [1, 1] 

Pi ©P2 = ©, if [li,ui] = [0,0] or [^2,112] = [1, 1] 



Furthermore, there are probabilistic conjunction and disjunction strategies 
that do not satisfy Commutativity (that is, that are not commutative). 

Example 2.7. We show that the probabilistic conjunction and disjunction stra- 
tegies for left implication do not satisfy Commutativity. Let the two proba- 
bilistic pairs Pi and p 2 be given by (ci, [.2, .7]) and (c2, [.5, .6]), respectively. It 
can easily be verified that {b a, {a, [.2, .7]), (6, [.5, .6])} is satisfiable. We get: 



Pi P2 = (ei A 62 , [.5, .6]) ^ (62 A 6i, [.2, .6]) = P2 Pi , 

Pi 0 ii P2 = (ei A 62, [.5, .7]) ^ (62 A 6i, [.5, .6]) = P2 Pi ■ 

Finally, we give an example in which our rigorous model-theoretic approach 
yields more precise intervals than the axiomatic approach in [12]. 

Example 2.8. Let us consider the case of left implication. Let the two proba- 
bilistic pairs Pi and p 2 be given by (ci, [.2, .7]) and (62, [.5, .6]), respectively. It 
can easily be verified that {b — > a, (a, [.2, .7]), (5, [.5, .6])} is satisfiable. We get: 



Pi P2 = (ei A 62, [.5, .6]) , 

Pi P2 = (ei V 62, [.5, .7]) , 

Pi Qii P2 = (ei A ^62, [0, .2]) . 

The approach in [12], in contrast, just produces the probability ranges [.2, .6], 
[.5, .7], and [0, .5], respectively, which are obtained from pi and p2 by the com- 
putations Pi ®pcP2 = (ei A62, [.2, .6]), Pi ®pcP2 = (ei Vc2, [.5, .7]), and pi Qp2 = 
(61, [.2, .7]) (8>ig (^62, [. 4 , .5]) = (ei A -162, [0, .5]), respectively. 



3 Data Model 

In this section, we define probabilistic complex value relations. 
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Let ^ be a nonempty set of attribute names and let T be a nonempty set of 
atomic types. We define complex value types (or simply types) by induction as 
follows. Every atomic type from T is a type. If T is a type, then the set {T} 
is a type. If Ai, . . . , with fc > I are distinct attribute names from A and 
Ti, . . . , Tfc are types, then the mapping T = {{Ai,Ti), {Au,Tu)} is a type 
(called tuple type). It is abbreviated by [Ai : Ti, . . . , Ak'. Tk]. We call Ai, ... ,Ak 
the top-level attribute names of T. We use T.Ai to denote Ti. 

Every atomic type T G T is assigned a domain dom(T). We define complex 
values by induction as follows. For all atomic types T G T, every v G dom(T) is 
a complex value of type T. If ui, . . . , Ufc with k > 0 are complex values of type T, 
then the set {fi, . . . , Vk} is a complex value of type {T}. If Ai, . . . , Ak with k> 1 
are distinct attribute names from A and vi, . . . ,Vk are complex values of types 
Ti, . . . , Tfc, then the mapping {(^i, ui), . . . , (Ak,Vk)} is a complex value of type 
[^ 1 : Ti, . . . , Afc : Tfc]. It is abbreviated by [Ai : vi,...,Ak: Vk]. 

Given a tuple type T, a complex value tuple (cv-tuple) of type T is simply 
a complex value of type T. For cv-tuples t = [Ai : vi, . . . , Ak'. Vk], we use v.Ai 
to denote Vi. A complex value relation {cv-relation) of type T is a finite set of 
cv-tuples of type T. 

A probabilistic complex value tuple {pcv-tuple) of type T is a mapping t of the 
kind {(data, u), (lb, r), (ub, s), (path, e)}, where u is a cv-tuple of type T, r and 
s are rational numbers with 0 < r < s < 1, and e is an event. It is abbreviated 
by [data: v, lb: r, ub: s, path: ej. We use t.data, t.lb, t.ub, t.path, and t.prob to 
denote v, r, s, e, and ([r, s], e), respectively. A probabilistic complex value relation 
{pcv-relation) of type T is a finite set of pcv-tuples of type T. 

A base pcv-relation is a pcv-relation r such that t.path G B for all t G r and 
that G.path ^ t 2 .p 3 th for all t\,t2 G f with ti.data ^ t2-data. A probabilistic 
complex value database is a finite set of base pcv-relations that are defined over 
pairwise disjoint sets of basic events. 

A pcv-relation r is called compact iff T.prob = t2-prob for all ti,t2 G r with 
ti.data = t2-data. In the sequel, we identify compact pcv-relations r of type R 
with pairs (< 5 , /r), where (5 is a cv-relation of type R and /i is a mapping from S 
to the set of all probabilistic pairs. 

Each non-compact pcv-relation can be transformed into a compact pcv-rela- 
tion by applying a compaction operation: Given a pcv-relation r and a commu- 
tative and associative probabilistic disjunction strategy 0, the compaction of r 
under 0, denoted K®(r), is defined as the pcv-relation {S,p,), where: 

• S = {ujdwGr: w.data = u}, 

• k{y) = 0«,er.».data=««'-P''ob for all vGS. 

In the sequel, we thus assume that all pcv-relations are compact. Moreover, 
we assume that t.prob ^ _L for all tuples t in a pcv-relation r (that is, we make 
the closed world assumption that t.prob = _L for all t ^ r). 

Example 3.1. A compact pcv-relation is shown in Table 3. It contains infor- 
mation about chemical experiments in which several substances are checked for 
a certain ingredient. Each experiment yields information about the substance 
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analyzed (substance-id), the laboratory (lab), the date (date), the assistants who 
did the experiment (assistants), and the result (a-result). 

The probabilistic information in this pcv-relation can be interpreted as sub- 
jective belief of an agent. Each pcv-tuple t then means that the probability that 
t.data holds in the real world ranges from t.lb to t.uh. For example, the first 
pcv-tuple t could say that the probability that substance S89 was analyzed in 
laboratory L17 on 02/17/99 by Jack and Jill with positive a-result lies between 
0.7 and 0.8 (this could mean that we are unsure about the whole information in 
t.data or that we are just unsure about the a-result). Another possible interpre- 
tation is that the probability that the positive a-result describes correctly the 
properties of substance S89 lies between 0.7 and 0.8. 



Table 3. A compact pcv-relation 



• • •• 


M 


• • 


• • •• 










0.7 


0.8 


ei 








S89 


M • 


• • •• 


• ••••••• •• 


-f 


L17 


02/17/99 


{Jack, Jill} 










0.6 


0.9 


62 








S89 


•• • 


• • •• 


• ••••••• •• 


-f 


LIO 


02/13/99 


{Joe, Jim} 










0.5 


0.7 


63 








S64 


M • 


• • •• 


• ••••••• •• 


- 


L12 


02/17/99 


{Janet, Jill} 



4 Algebra 

In this section, we define an algebra on probabilistic complex value relations. 

4.1 Selection, Projection, and Renaming 

We first define the selection operation on pcv-relations. 

Let a; be a tuple variable. We define terms by induction as follows. A term is 
a complex value v, the tuple variable x, or an expression t.A, where t is a term 
and A belongs to AU {data, lb, ub}. We define selection conditions by induction 
as follows. If ti and t 2 are terms and 9 belongs to {=, <, G, C}, then ti 9t2 is a 
selection condition (called atomic selection condition). If and 4>2 are selection 
conditions, then and {<f)i A (j) 2 ) are selection conditions. We use (/>i y (j) 2 ) to 
abbreviate A 

The interpretation of a term t in a pcv-tuple w, denoted [t]wi is inductively 
defined by [x]w = w, and = [tJuj.A if is defined. 

A selection condition <f> is applicable to a tuple type T iff for all atomic 
selection conditions ti 9 12 that occur in (j) and all pcv-tuples w of type T : 
[ti]w, [t 2 ]w, and [ti]w9[t2]w are defined. A selection condition (f> is probability- 
free iff it does not contain the expressions lb and ub. 
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For selection conditions 4> that are applicable to T, the satisfaction of (/) in a 
pcv-tuple w of type T, denoted tc ^ is inductively defined as follows: 

• w\=ti9t2lS [tl]w 9 [t2]w, 

• w \= ~^4> iff not w \= 4>, 

• w\={4>f\'if)iS.w\=4> and w\=if. 

Let r = ((5, /t) be a pcv-relation of type R and let ^ be a selection condition 
that is applicable to R. The selection on r with respect to (j>, denoted is 

the pcv-relation of type R, where: 

• S' = {w I 3 w G r : w.data = v, w \= (j>}, 

• = fi{v) for all V G S' . 

Example 4.1. Let us take the pcv-relation given in Table 3. Let the selection 
condition <f> be defined by 

(/)=(( a;. lb > 0.7 V a;.data.a-result = — ) A 

Jack G a;. data. a-arrangement. assistants ) . 

The result of the selection operation with respect to 4> is shown in Table 4. 



Table 4. Result of selection 



• • •• 


M 


• • 


• • •• 










0.7 


0.8 


ei 








S89 


•• • 


• • •• 


• ••••••• •• 


+ 


L17 


02/17/99 


{Jack, Jill} 



We next concentrate on the projection operation on pcv-relations. We define 
the subtype relationship on all types by induction as follows. If T is an atomic 
type from T, then T be a subtype of T. If Ti is a subtype of T 2 , then {Ti} is a 
subtype of {T 2 }- If ^ 1 , ■ ■ ■ ,Ak with fc > I are distinct attribute names from A 
and Ti, . . . ,Ti, Si, . . . , Sk with I < k are types such that T\, . . . ,Ti are subtypes 
of Si,...,Si, then [Ai: Ti,...,Ar. T/] is a subtype of [^ 1 : Si,...,Ak: S'fc]. 

Let u be a complex value of type T and let S' be a subtype of T. The pro- 
jection of V to S, denoted tts{v), is by induction defined as follows. If S is an 
atomic type, then 7Ts(v) = v. If v = {ui, . . . ,Vk\ and S = {S'}, then 7 Ts(u) = 
{7Ts/(ui), . . . ,7rs/(ufe)}. If u = [Ai: vi,...,Ak: Vk] and S = [Ti : Si,..., A;: Si], 
then 7Ts{v) = [Ai: (ui), . . . , T/ : 7 ts,(u/)]. 

Let r be a cv-relation of type R and let S be a subtype of R. The projection 
of r to S, denoted 7rs(r), is the cv-relation {7T5(t) 1 1 G r| of type S. 

Let r = {S, p) be a pcv-relation of type R, let S be a subtype of R, and let © 
be a commutative and associative disjunction strategy. The projection of r to S 
under ©, denoted 7r®(r), is defined as the pcv-relation {S',p') of type S, where: 
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• S' = {ve TTsiS) I ^ -L}, 

• m'(w) = 0„65,^s(„)=„ Kw) for all V G S'. 

Example 4.2. The projection of the pcv-relation from Table 3 to a tuple type 
over the attribute names substance-id and a-result under (Bpc is given in Table 5. 



Table 5. Result of projection 



• • •• 


M 


• • 


• • •• 




a 


0.7 


0.9 


ei V 62 


S89 


-f 




a 


0.5 


0.7 


63 


S64 


- 



We finally define the renaming operation on pcv-relations. Let T be a type 
and let A denote the set of all attribute names that occur in T. A renaming 
condition for T is an expression B\, . . . ,Bi ^ C\, . . . ,Ci, where Bi, . . . , Bi is 
a sequence of distinct attribute names from A and C\, . . . ,Ci is a sequence of 
distinct attribute names from A — (A — {Bi, . . . ,Bi}). 

Let T be a type and let N = Bi, Bi ^ Ci , . . . , C; be a renaming condition 
for T. The renaming ofT with respect to N, denoted pn(T), is obtained from T 
by replacing each attribute name Bi with z G [1 : ^] by the new attribute name Ci. 

Let z; be a complex value of type T and let N = Bi,. . . ,Bi ^ Ci, ... ,Ci 
be a renaming condition for T. The renaming of v with respect to N, denoted 
Pn(v), is obtained from v by replacing each attribute name Bi with z G [1 T] by 
the new attribute name Ci. 

Let r be a cv-relation of type R and let A be a renaming condition for R. The 
renaming of r with respect to N, denoted pn{i"), is the cv-relation {p^ft) \t G r} 
of type pn{R). Let r = (S,p.) be a pcv-relation of type R and let A be a 
renaming condition for R. The renaming of r with respect to A, denoted pN^r), 
is the pcv-relation {S' , p.') of type pn{R), where: 

• S' = pn{S), 

• p'{v) = p{pf^{v)) for all V G S' . 

4.2 Join and Cartesian Product 

We now define the join operation on pcv-relations. 

Two tuple types Ti and over the sets of top-level attribute names A 2 and 
A 2 , respectively, are join- compatible iff T^.A = T^.A for all A G Ai n A 2 . The 
join of two such types T\ and T2, denoted Ti t<i T2, is the tuple type T over 
Ai U A 2 , where T.A = Ti.A if A G Ai and T.A = T 2 .A if A G A 2 . 
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Let v\ and V2 be two cv-tuples of join-compatible types T\ and T2 over Ai 
and A2, respectively, with v\.A = v^-A for all A G Ai n A2. The join of v\ 
and V2, denoted vi ixi U2, is defined as the cv-tuple v of type Ti ixi T2, where 
v.A = v\.A \i A & Ai and v.A = V2-A \i A & A2. 

Let ri and T2 be two cv-relations of join-compatible types R\ and R2 over Ai 
and A2, respectively. The join ofr\ and T2, denoted ri cxi r2, is the cv-relation r of 
type cxii?2 with r = {ti t<it2 | ti € ^2 € r2, ti.A = t2-A for all A G Ai n A2}. 

Let ri = and T2 = (1^27^2) be two pcv-relations of join-compatible 

types i?i and i?2, respectively, and let 0 be a probabilistic conjunction strategy. 
The join of ri and r2 under denoted ri(xPr2, is defined as the pcv-relation 
of type Ri ex R2, where: 

• S = {u G cx (52 I minniiv)) 0 fi2{r-R2{v)) ^ -L}, 

• ^(u) = ^ H2{ttr2{v)) for all v e S. 

Example 4.3. The join of the pcv-relations from Tables 5 and 6 under the 
probabilistic conjunction strategy is given in Table 7. 



Table 6. Second input pcv-relation of join 



• • •• 


— 


• • 


• • •• 




a 


0.8 


0.8 


64 


S89 


- 




p 


0.8 


1.0 


65 


S37 


-f 



Table 7. Result of join 



• • •• 


M 


• • 


• • •• 




a 


p 


0.56 


0.72 


(ei V 62) A 64 


S89 


-f 


- 



We next define the Cartesian product as a special case of join. Two tuple 
types Ti and T2 over the sets of top-level attribute names Ai and A2, respective- 
ly, are Cartesian-product- compatible iff Ai and A2 are disjoint. The Cartesian 
product of such types Ti and T2, denoted T\ x T2, is the tuple type Ti ex T2. 

Let ri and T2 be two pcv-relations of Cartesian-product-compatible types 
i?i and R2, respectively, and let 0 be a probabilistic conjunction strategy. The 
Cartesian product of ri and r2 under 0, denoted riX®r2, is the pcv-relation 
ri ex® T2 of type i?i x i?2- 
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4.3 Union, Intersection, and Difference 

We now define the union, intersection, and difference operation on pcv-relations. 

Let ri = ((5i,/ii) and r 2 = (<52, M 2 ) be two pcv-relations of the same type R. 
Let 0 / © / 0 be a probabilistic conjunction/disjunction/difference strategy. 

The union of r\ and V 2 under ©, denoted ri U®r 2 , is the pcv-relation (5, m) 
of type R, where: 

• 5 = {u G (5i - (52 I Mi(^') © -L ^ -L} U {v G (52 - (5i I ± © M2(^') ^ -L} U 

{u G (5i n (52 I Mi(w) © M 2 (w) ^ -L}, 

fMi(^) ® -L if ?; G (5i — 62 

• m(w) = < ± © ^i 2 {v) if u G (52 — (5i 

[mi(w)®M2(w) if u G (5i n (52 . 

Example 4.4. The union of the pcv-relations from Tables 5 and 8 under the 
probabilistic disjunction strategy (Bpc is given in Table 9. 



Table 8. Second input pcv-relation of union 



• • •• 


M 


• • 


• • •• 




a 


0.2 


0.3 


66 


S89 


+ 




a 


0.3 


0.4 


67 


S37 


- 



Table 9. Result of union 



• • •• 


“ 


• • 


• • •• 




a 


0.7 


0.9 


6l V 62 V 66 


S89 


+ 




a 


0.3 


0.4 


67 


S37 


- 




a 


0.5 


0.7 


63 


S64 


- 



The intersection of ri and r 2 under ©, denoted r\ n®r 2 , is the pcv-relation 
((5, m) of type R, where: 

• (5 = {u G (5i n (52 I Mi(^') ® M 2 (^') ^ -L}, 

• m(w) = Mi(^') ® M2 (w). 



The difference of r\ and r 2 under ©, denoted ri — ®r 2 , is the pcv-relation 
((5, m) of type i?, where: 

• (5 = {u G (5i — (52 I Mi(^) ® -L ^ -L} U {u G (5i n 



• m(w) 



^\{v) © -L if u G (5i — (52 

Mi(u) © M2(^') if u G (5i n (52 . 



>52 |mi(^') ® M2(^') ^ -L}, 
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4.4 Relationship to Classical Relational Algebra 

It turns out that pcv-relations and the algebra on pcv-relations properly extend 
classical relations and the classical relational algebra. 

Obviously, each tuple t in a classical relation r can be expressed by the 
pcv-tuple s{t) = [data: t, lb: 1, ub: 1, path: et] with et & B in an appropriate 
pcv-relation e(r). Hence, it now remains to show that the results of our algebraic 
operations on such pcv-relations corresponds to the results of the classical alge- 
braic operations on the original classical relations. 

Note first that each event t.path in a pcv-tuple t with [t.lb,t.ub] = [1,1] is 
logically equivalent to T. Moreover, we have the following result. 

Lemma 4.5. Let 0, 0, and 0 be the probabilistic combination strategies for any 
case among ignorance, independence, and positive correlation. Then, the result 
of applying 0, 0, and 0 to the probabilistic pairs _L and T is given in Fig. 1. 



0 


J. T 


-L 

T 


-L -L 
-L T 



© 


J. T 


-L 

T 


-L T 
T T 



0 


J. T 


J. 

T 


J. -L 
T -L 



Fig. 1. Probabilistic combinations of _L and T 

This result easily shows that under the probabilistic combination strategies 
for the cases ignorance, independence, and positive correlation, our selection, 
projection, renaming, join, Cartesian product, union, intersection, and differ- 
ence on the pcv-relations e(r) correspond to the classical selection, projection, 
renaming, join, Cartesian product, union, intersection, and difference, respec- 
tively, on the original classical relations r. 

4.5 Computational Complexity 

We now show that under certain assumptions, the introduced operations on pcv- 
relations can be done in polynomial time in the size of the input relations. The 
results of this section are implicit in [18]. 

Let KB C KB* {a, b) be a dependence information on two distinct basic events 
a and b. The satisfiability check for KB is polynomial-time- computable iff the 
satisfiability of KB U {(a, [^i, mi]), (6, [^ 2 , M 2 ])} can be decided in polynomial time 
in the input size of li,ui, I 2 , W 2 - The probabilistic conjunction (resp., disjunction, 
difference) strategy for KB is polynomial- time- computable iff (a, [^i,mi]) ^kb 
(6, [I 2 , U 2 ]) (resp., (a, [^i, mi]) ®kb {b, [h, M 2 ]), (a, [^i, mi]) Qkb {b, [I 2 , M 2 ])) can be 
computed in polynomial time in the input size of l\,ui,l 2 ,U 2 . 

Example 4.6. The satisfiability checks and the probabilistic combination stra- 
tegies for the cases ignorance, independence, positive correlation, left implication, 
and mutual exclusion are all polynomial-time-computable. 

In the sequel, we implicitly assume that all involved satisfiability checks and 
probabilistic combination strategies are polynomial-time-computable. Our first 
result shows that then all unary operations can be done in polynomial time. 
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Theorem 4.7. a) Given a not necessarily compact pcv-relation r of type R, 
and a commutative and associative probabilistic disjunction strategy 0 , the com- 
paction K®(r) can be computed in polynomial time in the input size ofr. 

b) Given a pcv-relation r of type R, a selection condition 4 > applicable to R, and 
a renaming condition N for R, both the selection <J^{r) and the renaming pn(j") 
can be computed in linear time in the input size ofr. 

c) Given a pcv-relation r of type R, a subtype S of R, and a commutative and 
associative probabilistic disjunction strategy 0 , the projection 7 r®(r) can be com- 
puted in polynomial time in the input size ofr. 

The next result deals with the binary operations on pcv-relations. 

Theorem 4.8. a) Given two pcv-relations r\ and T2 of join- compatible (resp., 
Gartesian-product- compatible) types R\ and R2, and a probabilistic conjunction 
strategy 0 , the join r\ cxi® V2 (resp., Gartesian product ri x®r2j can be computed 
in polynomial time in the input size of r\ and V2 . 

b) Given two pcv-relations ri and V2 of the same type R, and a probabilistic 
conjunction (resp., disjunction, difference) strategy 0 (resp., 0 , Q), the inter- 
section r\ n® V2 (resp., union r\ U® V2, difference ri — ® V2) can be computed in 
polynomial time in the input size of r\ and V2 . 

Note that the same results also hold for the generalization of our algebra- 
ic operations to Dynamic Dependence, if we impose further restrictions on 
the events in the input relations. For example, if we assume that all events 
are conjunctions of basic events, or that all events are disjunctions of basic 
events, or that all events are defined on pairwise disjoint sets of basic events 
(in these cases, for any KB C KB*{a,b), the concrete dependence information 
{F e KB* {a, b) I KB U {e\ ^ a, a ^ ei, 62 ^ 6, 6 — > 62} ^ F} can be computed 
in polynomial time in the input size of a and b). 

5 Query Equivalences 

We now concentrate on query equivalences. We implicitly assume that all in- 
volved conjunction and disjunction strategies are commutative and associative. 

Our first result shows that the join operation can be reduced to renaming, 
Cartesian product, selection, and projection like in classical relational algebra. 

Theorem 5.1. Letri andr2 be pcv-relations of join- compatible types R\ and R2 , 
respectively. Let 0 and ® be a probabilistic conjunction and disjunction strate- 
gy. Let Ai and A2 denote the sets of top-level attribute names of Ri and R2, 
respectively. Let pN replace each A G Ai n A2 by the new attribute name A' . Let 
4 > be the conjunction of all x.A' = x.A with A G Ai n A2. Let R = R\ cxi i?2. 

n ixi® T2 = 7r^(<T0(pAr(ri) X® T2)) . ( 1 ) 
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We next show that most other query equivalences of the classical relational 
algebra also carry over to our algebra on pcv-relations. The following theorem 
shows that selections with respect to conjunctive selection conditions can be 
decomposed, and that sequences of selections can be reordered. 

Theorem 5.2. Let r he a pcv-relation of type R. Let (j>i and 4>2 he two selection 
conditions that are applicahle to R. 



CT<i>lA02W = (2) 

(r)) = (r)) . (3) 

The next result shows that sequences of projections can be reordered and 
that certain selections can be pushed through projections. 

Theorem 5.3. Let r he a pcv-relation of type R. Let T he a suhtype of R and 
let S he a suhtype ofT. Let 4> he a prohahility-free selection condition applicahle 
to T. Let (B he a prohahilistic disjunction strategy. 

7r®(7T®(r)) = 7T®(r) (4) 

7r^(cT0(r)) = cr0(7T®(r)) . (5) 



The following theorem shows that selections and projections can be pushed 
through renaming operations. 

Theorem 5.4. Let r he a pcv-relation of type R. Let N he a renaming condition 
for R. Let <j) he a selection condition applicahle to pn{R) and let S he a suhtype 
of Pn{R)- Let 4>' and S' he obtained from (f> and S, respectively, hy performing 
the renaming pjj^ . Let (B he a prohahilistic disjunction strategy. 

a^{pN{r)) = PN{cr<i>'{r)) ( 6 ) 

T^siPNir)) = Piv(7rf,(r)) . (7) 



The next theorem shows that joins are commutative and associative, and 
that certain selections and projections can be pushed through join operations. 

Theorem 5.5. Letri, r 2 , andr^ he pcv-relations of the pairwise join- compatihle 
types R\, i? 2 , and R 3 , respectively. Let ® and 0 he conjunction and disjunction 
strategies such that 0 is distributive over 0 . Let 4>\ and (j >2 be prohahility-free 
selection conditions that are applicable to R\ and R 2 , respectively. Let S be a 
subtype of Ri ixi R 2 . Let Ai, A 2 , and A denote the sets of top-level attribute 
names of Ri, R 2 , and S, respectively. Let the tuple type S\ over (A U A 2 ) H Ai 



i.A = S.A for 


all A ^ (A — A 2 


) n Ai and Si. A = 


^ i?l 


.A for 


- 2 , and let the 


tuple type S 2 over 


■ (A U Ai) n A 2 be 


defined by 


all A G (A — A 


■ i) n A 2 and S 2 .A 


= R 2 .A for all A G 


Ai 


n A 2 . 


ri Cxi® 


^ T2 = T2 ixi® ri 






(8) 


(ri IXI® T 2 ) Cxi® 


^ rs = ri ixi® (r 2 ixi® rs) 




(9) 




r 2 ) = crpiin) CX® 


CT02(?"2) 




(10) 


7T®(ri IXI® 


ra) = 7r|(7r|^(n) 


M® 7T®(r2)). 




(11) 
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As Cartesian product is a special case of join, we get the following corollary. 

Corollary 5.6. Let r\, T 2 , and be pev-relations of the pairwise Cartesian- 
product- eompatible types Ri, R2, and R3, respectively. Let 0 and 0 be conjunc- 
tion and disjunction strategies such that 0 is distributive over 0 . Let 4>i and 
(j>2 be probability-free selection conditions that are applicable to R\ and R2, re- 
spectively. Let S be a subtype of R\ x i? 2 - Let Ai, A 2 , and A denote the sets 
of top-level attribute names of R\, R2, and S, respectively. Let the tuple type S\ 
over An Ai be defined by S'!. A = S.A for all A G An Ai, and let the tuple type 
S2 over A n A 2 be defined by S2.A = S.A for all A G AC\ A 2 . 



ri X® T2 = T2 X® n (12) 

(ri X® t 2 ) X® f 3 = ri X® (r 2 x® ra) (13) 

A<i>2 (?’i X ® "^2 ) = cr,^i (ri ) X ® (r2 ) (14) 

,T®(riX®r2)=^®(ri)x®7r®(r2). (15) 



The next result finally shows that union and intersection operations are com- 
mutative and associative, and that certain selections can be pushed through u- 
nion, intersection, and difference. Moreover, we show that projections can be 
pushed through union, and that intersection is a special case of join. 

Theorem 5.7. Let ri, V 2 , and r^ be pev-relations of type R. Let 0 / 0/0 be a 
probabilistic conjunction/ disjunction /difference strategy. Let (j> be a probability- 
free selection condition that is applicable to R and let S be a subtype of R. 



ri U® T 2 = V2 U® ri 


(16) 


(ri U® T 2 ) U® T3 = ri U® (r 2 U® r^) 


(17) 


Cl n® T 2 = V 2 n® ri 


(18) 


(ri n® T 2 ) n® T 3 = ri n® (r 2 n® rs) 


(19) 


(70 (ri U® r 2 ) = (70 (ri) U® (70 (r 2 ) 


( 20 ) 


0-0 (ri n® T 2 ) = (70 (ri) n® (70 (r 2 ) 


( 21 ) 


o- 0 (ri -® T 2 ) = (70(ri) -® (70(r2) 


( 22 ) 


^®(n U® r2)=7T®(ri)U® 7T®(r2) 


(23) 


ri n® T 2 = ri [XI® 72 . 


(24) 



6 Query Optimization 

In this section, we briefly concentrate on query optimization. 

We have seen that most of the query equivalences of classical relational alge- 
bra also hold for the algebra on pcv-relations. Hence, we can use the same query 
equivalences like in classical relational algebra to move especially selections but 
also projections as much inside a given query expression as possible: 
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1. We can use (2) to break up conjunctive selection conditions. 

2. We can use (3), (5), (6), (10), (14), (21), (20), and (22) to move selection 
operations as much inside the query expression as possible. 

3. We can use (9), (13), (19), and (17) to structure the query expression in a 
better way. 

4. We can use (4), (5), (7), (11), (15), and (23) to move projection operations 
as much inside the query expression as possible. 

Example 6 . 1 . Let T be an atomic type. Let Ri = [A: T,Bi \ T,C\ \ T], i ?2 = 
[^: T,B2-. T,C2-. T], i ?3 = [^: ^,^ 3 : T, C 3 : T], = [A: T, Ci : T], S2 = 

[A: T,C2-. T], S3 = [A: T^Cs'- T], and S'3 = [A: T,Ci: T,C2'. T,C3'. T] be tuple 
types. Let ri, r2, and r3 be pcv-relations over i?i, R2, and R3, respectively. Let 
and <j)2 denote the selection conditions x.data.Ci = v and a;.data.C'2 = x.data.C3, 
respectively, where u is a complex value of type T. Then, the query expression 

f^<^lA</> 2 ( 7 ’'|’’°((ri 1 X 1 ®*”= T2) 1 X 1 ®*”= T 3 )) 

can be transformed into the following equivalent query expression (since the 
conjunction strategy ®pc is distributive over the disjunction strategy 0pc): 

7 rf;‘=(r 3 )) . 

7 Related Work 

In this section, we give a brief comparison to related work in the literature. 

Our approach generalizes annotated tuples of ProbView [12]. As argued in 
[12], ProbView generalizes various approaches (like, for example, [2,4]). Cavallo 
and Pittarelli [4] view relations in a (flat) relational database as probability 
distribution functions, where tuples in the same relation are viewed as pairwise 
disjoint events whose probabilities sum up to 1. Drawbacks of this approach have 
been pointed out in [5]. An extension of the model using probability intervals, 
which are viewed as constraints on the probabilities, is reviewed in [15]. Barbara 
et al. [2] have considered a probabilistic extension to the relational model, in 
which imprecise attributes are modeled as probability distributions over finite 
sets of values. Their approach assumes that key attributes are deterministic (have 
probability 1) and that non-key attributes in different relations, are independent. 
No probabilities can be assigned to outmost tuples. 

Fuhr and Rolleke [7] consider a probabilistic version of NF2 relations, ex- 
tending their approach for flat tuples [8], and define a relational algebra for this 
model. Probabilities are assigned to tuples and to values of nested tuples (that is, 
set-valued attributes), which are viewed as events that have an associated event 
expression. The algebraic operators manipulate tuples by combining value and 
event expressions appropriately. The probability of a derived tuple is comput- 
ed from the probabilities of initial tuples by taking into consideration its event 
expression. The approach in [7] defines an intensional semantics in which proba- 
bilities are defined through possible worlds. The evaluation method assumes that 
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in nondeterministic relations (that is, relations with uncertain tuples), joint oc- 
currence of two different values is either always independent or impossible. Our 
approach has no such severe restriction (we do not make any independence or 
mutual exclusion assumptions). Furthermore, [7] does not use probability inter- 
vals but a single probability value. On the other hand, the algebra in [7] provides 
nest and unnest operators, which we have not done here. 

We see as major drawbacks of the approach in [7] the above non-dependency 
assumption on relations, which is rarely met in practice, and that the evaluation 
of event expressions takes exponential time in general, owing to complicated 
probability sums which need to be computed — this seems the price to pay for a 
smooth intensional semantics, though. 

The probabilistic database model of Dey and Sarkar [5] assigns each tuple 
in a (flat) relational database a probability value in a special attribute. The 
classical relational operations are defined adopting different assumptions on the 
relationship between tuples; in particular, join assumes independence; union and 
difference assume positive correlation; and compaction assumes disjointness or 
positive correlation. Our model is more general, since it has complex values, in- 
tervals, and allows different strategies (reflecting different relationships between 
tuples) to be used in the algebraic operations. Based on [5], a probabilistic ex- 
tension to SQL is developed in [6]. 

Zimanyi [19] presents an approach to querying probabilistic databases based 
on probabilistic first-order logic. A probabilistic database is axiomatized as a 
first-order probabilistic theory, which has a possible worlds semantics as in [10]. 
Tuples t in relations have a trace formula (f> attached, which intuitively selects 
the worlds in which t is true. The classical relational algebra operations are 
defined using formulas and manipulate trace formulas. A query is evaluated in 
two steps: the first step yields a relation of tuples with trace formulas, which 
are then evaluated using the assertions of the probabilistic theory to obtain a 
probability for each tuple. Compared to our approach, [19] aims at fiat databases 
and considers no probability intervals (but mentions a possible extension). The 
approach assumes complete independence of occurrences of distinct tuples in 
the same or different relations. Furthermore, as with most other approaches, no 
query equivalences are discussed. 

8 Summary and Conclusion 

In this paper, we generalized the annotated tuple approach in [12] to complex 
value databases [1] . We presented a probabilistic data model for complex values 
and defined an algebra on top of it. Moreover, we presented query equivalences 
and briefly discussed their use for query optimization. It turned out that most 
of the equivalences of classical relational algebra hold in this generalized model. 
Hence, many classical query optimization techniques carry over to our model. 

Several issues remain for further investigation. One such issue are other op- 
erators besides those of classical relation algebra, such as NF2 nest and unnest 
or the operators in [7,5,2,15]. Moreover, it would be very interesting to more 
deeply investigate the relationship to purely extensional and purely intensional 
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approaches to probabilistic databases. Finally, an intriguing issue is to extend 
our approach to object-oriented databases. To our knowledge, few approaches 
to probabilistic object-oriented databases have been proposed so far (see [11]). 
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Abstract. Persistent Turing Machines (PTMs) are multitape machines 
with a persistent worktape preserved between interactions, whose inputs 
and outputs are dynamically generated streams of tokens (strings). They 
are a minimal extension of Turing Machines (TMs) that express inter- 
active behavior. They provide a natnral model for sequential interactive 
computation such as single-user databases and intelligent agents. 

PTM behavior is characterized observationally, by input-output streams', 
the notions of equivalence and expressiveness for PTMs are defined rela- 
tive to its behavior. Four different models of PTM behavior are examined: 
language-based, automaton-based, function-based, and environment-based. 
A number of special subclasses of PTMs are identified; several expressive- 
ness results are obtained, both for the general class of all PTMs and for 
the special subclasses, proving the conjecture in [We2] that interactive 
computing devices are more expressive than TMs. 

The methods and tools for formalizing PTM computation developed in 
this paper can serve as a basis for a more comprehensive theory of inter- 
active computation. 



1 Introduction 

1.1 PTMs vs. Other Models of Computation 

Persistent Turing Machines (PTMs) are multitape machines with a persistent 
worktape preserved between interactions, whose inputs and outputs are dynam- 
ically generated streams of tokens (strings) [GW]. They are a minimal extension 
of Turing Machines (TMs) that express interactive behavior. They model ser- 
vices over time provided by persistent, object-oriented, or reactive systems that 
cannot be expressed by computable functions [MP,We2,WG2,WG3j. They also 
provide a natural model for single-user databases, where the current database 
instance is modeled as the contents of the persistent worktape. 

TMs and PTMs are abstract computing devices useful for representing dif- 
ferent forms of computational behavior: TMs model algorithmic behavior, where 
the output is modeled as a function or a relation of the input, whereas PTM- 
s model sequential interactive behavior [WGl], where the computing device or 
agent evolves as it processes the inputs. This evolution is represented by the 
change in the contents of the PTM worktape, so PTM output tokens are a 
function of both the input tokens and of the evolving worktape contents. 
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1.2 PTM Behavior and Expressiveness 

PTM behavior is characterized by input-output streams; PTM equivalence and 
expressiveness are defined relative to its behavior. These are ohservation-hased 
notions, just as for process modeling [Mil]. In fact, a PTM computation can be 
viewed as a process and modeled with a labeled transition system (LTS) whose 
individual transitions are Turing-computable and whose states and actions have 
specific TM-related semantics. 

Unlike inputs or outputs, the worktape contents is not directly observable. 
Though it affects the output, it does not participate directly in the notion of 
PTM behavior, which is observation-based. Any attempt to model PTM com- 
putations with TMs, by making the worktape contents an explicit part of the 
input, would thus fail to produce models which are equivalent if and only if the 
corresponding PTMs are. 

Models of computation for PTMs, just as models of computation for TMs, can 
be equivalently expressed by languages, automata, and function-based models. 
Whereas models of computation for TMs are string-based, models for PTMs 
are based in input-output streams. An environment-based model of behavior is 
also defined for PTMs; there has been no analog of this notion for TMs, whose 
environment is always algorithmic. We use these four models of behavior to 
obtain several expressiveness results, both for the general class of PTMs and for 
a number of special subclasses. 



1.3 PTMs as Interaction Machines 

PTMs are sequential interaction machines (SIMS) which inherit from TMs the 
restriction that input tokens must be discrete, and that any model of behavior 
must ignore time-depended aspects. They are therefore inappropriate for mod- 
eling some real-time and embedded devices or physical control processes, whose 
expressiveness requires the full generality of SIMs. Furthermore, there are multi- 
stream interactive behaviors, such as distributed database systems or airline 
reservation systems, which cannot be modeled by SIMs at all, requiring a model 
with even more expressiveness - MIMs [WG2,WG3j. 

We expect that PTM-based models of computation can be generalized to 
model all sequential computation. We believe that a proper formalization of the 
notion of a PTM environment will be an important part of this effort. Though 
there is no ” Silver Bullet” in the absolute sense, the problems of correctness test- 
ing and verification for interactive software systems may prove tractable - once 
we are willing to assume reasonable constraints on the system’s environment. 
Notions of equivalence and expressiveness that are relative to a PTM’s envi- 
ronment, introduced in this work, should prove to be important for formalizing 
SIMs. 

We also expect that single- and multi- agent computation can be modeled 
within a single formalism. The methods and tools for formalizing PTM compu- 
tation developed in this paper will serve as a basis for a more comprehensive 
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theory of interactive computation over these models. The resulting models of in- 
teractive computation should aid in the formalization of the important aspects 
of interactive computation, in a hardware- and application- independent fashion. 



1.4 Summary 

Section 2 provides some background concepts and defines PTMs. Section 3 out- 
lines the different models of PTM behavior, identifies several PTM subclasses, 
and summarizes the expressiveness results about them. Sections 4 through 7 
give the details of the four models and obtain the corresponding expressiveness 
results, followed by a conclusion with a discussion of future work. 

In this work, we only consider deterministic TMs and PTMs. Formalization 
of non-deterministic PTMs involves some interesting and unexpected anomalies 
which are briefly mentioned in section 8.2; a full treatment of this issue deserves 
a separate paper. 



2 Background and Definitions 

2.1 Turing Machines as Non-interactive Computing Devices 

Turing Machines are finite computing devices that transform input into output 
strings by sequences of state transitions [HU]. As is commonly done, we assume 
that a TM has multiple tapes: a read-only input tape, a write-only output tape 
and one or more internal work tapes. The contents of the input tape is said 
to be under the control of the environment, whereas the other two tapes are 
controlled by the PTM. Furthermore, the contents of the input and output tapes 
is observable whereas the work tape is not. 

TM computations for a given input are history-independent and reproducible, 
since TMs always start in the same initial state, and since their input is com- 
pletely determined prior to the start of the computation (they shut out the world 
during the computation) . This property of “shutting out the world” during com- 
putation characterizes Turing Machines as noninteractive: 

Definition 2.1. Interactive computing devices admit input/output actions dur- 
ing the process of computation [WG3]. 

It is interesting to note that Turing foresaw interactive computation in his 
seminal paper on TMs [Tu], where he made a distinction between automatic 
machines, now known as TMs, and choice machines, which allow choices by 
an external operator. However, since the motivation for computational devices 
in [Tu] was to compute functions from naturals to naturals, choice machines were 
not an appropriate model to use, and they have not been considered since. 
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2.2 Persistent Turing Machines (PTMs) 

Persistence of state typifies computation as diverse as databases, object-oriented 
systems, and intelligent agents [AB,ZM,RN]. In this section, we extend TMs by 
introducing persistence. In the next section, this is coupled with an extension of 
computational semantics from string- to stream-based, to result in a model for 
sequential interactive computation [WGl]. 

Definition 2.2. A Persistent Turing Machine (PTM) is a multitape Turing Ma- 
chine (TM) with a persistent work tape whose contents is preserved between suc- 
cessive TM computations. A PTM’s persistent work tape is known as its memory; 
the contents of the memory before and after ( a single TM ) computation is known 
as the PTM’s state. 

Note: PTM states are not to be confused with TM states. Unlike for TMs, 
the set of PTM states is infinite, represented by strings of unbounded length. 

Since the worktape (state) at the beginning of a PTM computation step is 
not always the same, the output of a PTM M at the end of the computation 
step depends both on the input and on the worktape. As a result, M defines a 
partial recursive function fM from {input, worktape) pairs to {output, worktape) 
pairs of strings, /m : I xW ^ O x W. 

Example 2.1. An answering machine A is a PTM whose worktape contains 
a sequence of recorded messages and whose operations are record message, 
playback, and erase. The Turing- computable function for A is: 

/a ( record Y, X) = (ok, XY); /^(playback, X) = (X, X); 

/y!l(erase, X) = (done, e). 

Note that both the content of the worktape and the length of input for recorded 
messages are unbounded. □ 

An Answering Machine can be viewed as a very simple intelligent agent [RN] , 
whose memory is stored on the worktape. This agent is not goal-oriented or 
utility-based] nevertheless, we will show that it exhibits a degree of autonomy, 
which is beyond the capacity of algorithmic agents. A database could also serve 
as a useful example above, where the current database instance is modeled as 
the contents of the persistent worktape. 

2.3 PTM Computation 

Individual computational steps of a PTM correspond to TM computations and 
are string-based. However, the semantics of PTM computations are stream-based, 
where the stream tokens are strings over some alphabet S. The input stream 
is generated by the environment and the output stream is generated by the 
PTM. The streams have dynamic (late, lazy) evaluation semantics, where the 
next value is not generated until the previous one is consumed. The coinductive 
definition for such streams can be found in [BM]. 

A PTM computation is an (infinite) sequence of Turing-computable steps, 
consuming input stream tokens and generating output stream tokens: 
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Definition 2.3. Given a PTM M defining a function /m and an input stream 
{ii,i 2 , ■ ■ ■), o, computation of M consists of a sequence of computational steps 
and produces an output stream (oi, 02 , • . •)• The state of the PTM evolves during 
the computation, starting with the initial state wq; w.l.o.g., we can assume that 
Wq is an empty string: 

/m(*i, Wo) = (oi, wi); /m(* 2, wi) = (02, W2); /m(* 3 , W2) = (03,103); . . . □ 

Example 2.2. For the Answering Machine A (example 2.1), the input stream 
(record A, erase, record BC, record D, playback, . . .) generates the 
output stream (ok, done, ok, ok, BCD, ...); the state evolves as follows: 
(e. A, e, BC, BCD, BCD, . . .). □ 

This example represents a single computation of A; the fact that input and 
output actions on streams take place in the middle of computation characterizes 
PTMs as interactive computing devices. The fact that only a single input stream 
is involved characterizes PTMs as sequential interactive devices, or SIMs [WGl]. 
Other examples of sequential interactive computation include the lifetime of a 
single-user database, driving home from work [Wei], holding a dialogue with an 
intelligent agent [RN], and playing two-person games [Abrj. 

2.4 PTM Interaction Streams 

The interaction of PTMs with their environment is described by interaction 
(I/O) streams, which interleave inputs and outputs. 

Definition 2.4. Interaction (I/O) streams have the form (ii, oi), (12, 02), . . ., 
where i ’s are input tokens generated hy the environment ( or an observer) and 
o’s are output tokens generated by the PTM (figure 1). 



Observer 





stream of inputs 


*1^ k 


PTMM 




stream of outputs 


Ok 








1 worktape W | 




Interaction stream 







Fig. 1. The interaction stream between a PTM and its environment/observer. 



Due to the dynamic evaluation semantics of PTM input streams, it is as- 
sumed that each input token ik is generated after the previous output ou-i. As 
a result, later input tokens may depend on earlier outputs and on external (ex- 
ogenous) events in the environment. Furthermore, outputs may depend not only 
on the corresponding input but on all earlier ones, resulting in history dependent 
behavior: 
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Example 2.3. The computation in example 2.2 leads to the following interaction 
stream: 

(record A, ok) , (erase, done) , (record BC,ok) , (record D,ok) , 
(playback, BCD) , . . . 

The fifth output BCD depends on the third and fourth inputs, illustrating history 
dependence. □ 

The history dependent behavior of PTMs cannot be expressed by TMs whose 
output is a function of the input. Though history dependence can be simulated 
in TMs by making the history an explicit part of the input, this would violate the 
observation-based PTM semantics. In process modeling, observation equivalence 
is known to be stronger than trace equivalence; similarly, forcing PTM state to 
be observable cannot be assumed to preserve the expressiveness of the computing 
device. 

3 Towards Formalizing PTMs 

Being able to determine when two computing devices are equivalent, or when 
one class of devices is more expressive than another, is an important part of any 
attempt to formalize a new model of computation. In this section, we formulate 
these notions in terms of a computing device’s behavior, and formalize them for 
PTMs by providing specific models of PTM behavior. 



3.1 Behaviors, Equivalence, and Expressiveness 

The notions of equivalence and expressiveness of interactive computing devices 
are intimately related to the notion of their behavior, which is exhibited through 
its interactions with the environment. 

Example 3.1. TM behavior consists of accepting input strings and returning out- 
put strings; this can alternately be modeled as a set of input/output pairs, or as 
a function from inputs to outputs. □ 

Any model of behavior induces a notion of equivalence for pairs of devices: 

Definition 3.1. Two computing devices are equivalent if their behavior is the 
same. 

Furthermore, the notion of equivalence leads to the notion of expressiveness for 
classes of devices: 

Definition 3.2. A class of computing devices C\ is said to be at least as ex- 
pressive as a class C 2 if, for every device in C 2 , there exists an equivalent one 
in C\. If the converse is not true, C\ is said to be more expressive than C 2 . 
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Example 3.2. For every Finite State Automaton (FSA), there exists an equiva- 
lent Push-Down Automaton, but not vice versa [HU]. Therefore, PDAs are more 
expressive than FSAs. □ 

In this paper, we show that PTMs have a richer set of behaviors than TMs, 
and are therefore more expressive in precisely the same sense that PDAs are 
more expressive than FSAs in the example above. 



3.2 Models of PTM Behavior 

Just as for TMs, PTM behavior can be modeled in different ways. Whereas 
models of computation for TMs are based on strings, models for PTMs are based 
on interaction streams (section 2.4). For any PTM M, four different models of 
PTM behavior are examined: 

— Language-based: M is modeled by its language, which is the set of all 
interaction streams for M (section 4). 

— Automaton-based: M is modeled by an infinite-state automaton whose 
edges are labeled by pairs of input/output strings; paths through this au- 
tomaton are the interaction streams of M (section 5). 

— Function-based: M is modeled by a recursively defined function from input 
to output streams; this function has coinductive evaluation semantics [BM], 
recursing infinitely without reaching a base case (section 6) . 

— Environment-based: M is modeled by a set of finite or infinite interaction 
sequences that are produced by M’s environment, this gives us notions of 
behavior and equivalence that are relative to environments (section 7). 

As for TMs, different models of PTM computation are convenient for obtain- 
ing different results about their expressiveness. In the next section, we define 
several specializations of PTMs, as a prelude to proving these results. 

Note: Throughout this work, we are assuming that PTMs are deterministic 
(i.e., based on a deterministic TM). Though these models can be used for non- 
deterministic PTMs as well, we expect that the correspondence between them 
will not be as straightforward as in the deterministic case. 



3.3 Special PTMs and Their Expressiveness 

In general, a single computational step of a PTM M is modeled by a computable 
function Jm : I x W ^ O x W, where I, O, and W are over S* (section 2.2). 
Several interesting subclasses of PTMs are defined in this section, arising from 
subcases of this general model. 

~ Amnesic PTMs (section 4.2) ignore the contents of their memory, behaving 
as if each computational step starts in the same state. 

— Finite-memory PTMs (section 4.3) have a bound on the amount of avail- 
able memory. 
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— Finite-state PTMs (section 4.3) have a finite number of states (i.e., W is 
finite). 

— Simple PTMs have finite sets of input/output tokens (i.e., I and O are 
finite). Binary PTMs are a subclass of simple PTMs where both I and O 
have size 2. 

— Consistent PTMs produce the same output token for a given input token 
everywhere within a single interaction stream; different interaction streams 
may have different outputs for a given input [Kos]. 

Here are some of the results that hold for PTMs and their subclasses: 

— Amnesic PTMs have the same expressiveness as sequences of TM computa- 
tions (section 4). 

— Finite-memory PTMs have the same expressiveness as finite-state PTMs 
(section 4). 

— Simple finite-state PTMs have the same expressiveness as finite-state trans- 
ducers (section 5). 

— Simple (binary) finite-state PTMs are less expressive than simple (binary) 
PTMs (section 5). 

— PTMs have the same expressiveness as effective labeled transition systems 
(LTSs) , a subclass of LTSs (section 5) . 

— Amnesic PTMs are less expressive than all PTMs, constituting the lowest 
level of an infinite expressiveness hierarchy for PTMs (section 7). 

The remainder of this paper, up to the concluding section, is devoted to a 
discussion of these results. Note that as a corollary of these results, we prove the 
conjecture in [We2] that interactive computing devices are more expressive than 
TMs. 

4 Language-Based Model of PTM Computation 

In this section, we consider the language-based model of PTM computation and 
derive related results summarized in section 3.3. 

4.1 PTM Languages 

The behavior of TMs and other string-based computing devices can be described 
by a language, which is a set of strings over some finite alphabet. For example, 
the language of a finite state automaton is the set of strings it accepts [HU]. A 
set-based notion of languages can likewise be defined for PTMs; PTM languages 
are stream-based rather than string-based. 

Definition 4.1. The set of all interaction streams (definition 2.4) for a PTM 
M constitutes its language, L{M). 

Despite the change in semantics from strings to streams, the definitions of 
equivalence and expressiveness apply to PTMs just as to other computing devices 
for which a language is defined: 
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Definition 4.2. (language-based PTM equivalence and expressiveness) 

Let Ml and M2 he computing devices whose behavior is modeled by sets of in- 
teraction streams; M\ and M2 are equivalent iff L{Mi) = L{M2). 

Let Cl and C2 be classes of computing devices whose behavior is modeled 
by sets of interaction streams; C2 is more expressive than Ci if the set of all 
languages for members of C\ is a proper subset of that for C'2- □ 

4.2 Amnesic PTMs vs. TMs 

Amnesic PTMs ignore the contents of their memory, behaving as if each com- 
putational step starts in the same state. As a result, computations of amnesic 
PTMs are not history dependent (hence their name). 

Definition 4.3. A PTM M is amnesic iff fM{i,w) = fM{i,wo) for all inputs i 
and states w, where wq is M ’s initial state. □ 

In order to compare amnesic PTM languages to those of multitape TMs, we 
need to consider TM computations over streams of input strings: 

Definition 4.4. (stream-based TM computation) Given a TM M defining 
a function /m from input to output strings, and an input stream (ti,Z2, • • •)> ® 
computation of M produces an output stream (01,02,...), where fniilk) = Ok 
for each k. □ 

Amnesic PTMs are no more expressive than stream-based TMs: 

Proposition 4.1. The behavior of any amnesic PTM is equivalent to a sequence 
of TM computations for the corresponding TM. 

Proof: Given an input stream (zi,i2,...), a computation of an amnesic PTM 
produces an output stream (oi, 02, . . .), where: 

/m(d, Wo) = (oi, wi); /m(* 2, wi) = /m(* 2, Wo) = (02, W2); 

/m(* 3 , W2) = /m(g, Wo) = (03,103); . . . 

Since wq is assumed empty, each computation step of M is the same as a 
computation of the TM that corresponds to M, let us call it Mg: for all k, 
/Mo(*fe) = fM{ik,Wo) = Ok. □ 

The converse of proposition 4.1 is not true; an arbitrary multitape TM may 
write something to its work tape and fail to erase it at the end of the compu- 
tation, so the corresponding PTM is not necessarily amnesic. Nevertheless, it is 
easy to show that PTMs are at least as expressive as TMs. 

Proposition 4.2. For each TM M, there exists a TM M' so that M’s stream- 
based behavior is equivalent to the amnesic PTM based on M' . 

Proof: For any TM, an equivalent one can be constructed, that always erases 
its worktape at the end of the computation, guaranteeing that the behavior of 
the corresponding PTM is amnesic. □ 

Theorem 4.1. Amnesic PTMs have the same expressiveness as sequences of 
TM computations. 

Proof: Follows from propositions 4.1 and 4.2. □ 
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4.3 Finite-State and Finite-Memory PTMs 

Finite-memory PTMs have a bound on the amount of available memory; this 
refers to the number of bits that may be stored persistently, without implying a 
bound on the overall size of all internal worktapes. In contrast, finite-state PTMs 
have a finite number of states; that is to say, the set of all states reachable from 
the initial state via some sequence of input tokens is finite. 

Theorem 4.2. Finite-memory PTMs have the same expressiveness as finite- 
state PTMs. 

Proof: Let M be a finite- memory PTM. If n is the memory bound for M, and 
c is the size of M’s alphabet M, then M can have at most cn states. Conversely, 
let M be a finite-state PTM. If W is the set of M’s states and k is the size of W, 
then at most log k characters are needed to represent any state in W. Therefore, 
one can construct a PTM equivalent to M which has a bound on the amount of 
memory available to it. □ 



5 Automata-Theoretic Model of PTM Behavior 

In this section, we adopt an automata-theoretic view of PTMs, as transducers 
over an infinite state space. Just as for TMs, this view complements the language- 
based view (section 4). 



5.1 Finite-State Transducers and Their Index 

All automata are state-based, with labeled transitions between states, and possi- 
bly with values associated with states themselves. Finite-state automata (PSAs) 
are the best known and simplest automata, where the set of states is finite, the 
transition labels are single characters from a finite input alphabet, and the states 
are associated with one of two values, accept and reject [HU]. 

An PSA’s index is a metric for classifying PSAs; it refers to the number of 
equivalence classes induced by the PSA’s language: 

Definition 5.1. (FSA index) Given any FSA A over an alphabet S, where 
L{A) is the set of all strings accepted by A, let V{A) be a partition of E* into 
equivalence classes, defined as follows: 

for any x,y £ S* , x and y belong to the same equivalence class in V{A) 
iff for all w G S* , xw G L{A) iff yw G L{A). 

Then, the size ofV{A) is known as A’s index. □ 

The index of PSAs is known to be finite; this is the Myhill-Nerode theorem [HU]. 

Finite-state transducers (PSTs) extend PSAs, by replacing the binary value 
at each state with an output character from a finite output alphabet A. These 
output characters can be associated with states, as for Moore machines, or with 
transitions, as for Mealy machines. Por either Moore or Mealy machines, the 




126 Dina Q Goldin 



output is a sequence of output characters of the same length as the input. These 
two types of FSTs are known to have the same expressiveness [HU]. FST input 
may also be an infinite stream of characters; the output will be another character 
stream. 

The notion of index can be extended to transducers, as follows: 

Definition 5.2. (Index of transducers) Given any transducer A over sets of 
input/output tokens E and A, which maps sequences over E to sequences over A 
by a mapping yiA, let V{A) be a partition of E* into equivalence classes, defined 
as follows: 

for any x,y G E* , x and y belong to the same equivalence class in V{A) 
iff for all w G E* , the last tokens of pla{x.w) and p,A{y-w) are the same. 

Then, the size ofV{A) is known as A’s index. □ 

The definition above applies whether the set of tokens is finite (i.e., an al- 
phabet) or infinite (i.e., a set of strings), and whether the set of states is finite 
or infinite. In the case of FSTs, when the sets of tokens and of states are both 
finite, the index is also known to be finite [TBj. 



5.2 PTMs vs. FSTs 

For any finite-state simple PTM M (section 3.3) with a computable function /m, 
one can construct an equivalent stream-based Mealy machine A (section 5.1) and 
vice versa. The intuition behind such a construction is as follows: 

- M’s states correspond to H’s states, where wq is H’s initial state; 

- for any two states and W 2 , and any input/output pair of tokens i, o, 
fM{i,wi) = {o,W 2 ) iff there is a transition there is a transition between 
w\ and W 2 in A labeled “i/o” iff fnibwi) = (o,W 2 ). 

As a result, these two classes of devices have the same expressiveness: 

Proposition 5.1. Finite-state simple PTMs have the same expressiveness as 
stream-based Mealy machines. 

Proof: Follows from the construction above. □ 

As a corollary to proposition 5.1, finite-state simple PTMs have a finite index 
(definition 5.2). The same is not true of the class of all simple PTMs: 

Proposition 5.2. There exist simple PTMs whose index is infinite. 

Proof: The proof is by construction. Let M be a binary PTM which works as 
follows: 

while M’s input stream equals the “template” a = 0101^01^01^0 . . ., 

M’s output bits are all I’s; as soon as there is an “incorrect” input bit, 

M’s output becomes all O’s. 
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Let fj,{x) be the output string produces by M for any binary input sequence x. 
Let L be the set of all prefixes of a that end in 0; L is countably infinite. It 
is easy to see that given any pair x,y of distinct elements of L, there exists a 
binary sequence w of the form 1” for some n > 1 such that the last character of 
fj,{x.w) is different from the last character of y{y.w). □ 

Theorem 5.1. The class of simple (binary) PTMs is more expressive than the 
class of (binary) FSTs. 

Proof: Follows from propositions 5.1 and 5.2. □ 

Note that for any given state of any simple PTM, the transition relation is 
finite (its size is limited by the number of pairs of input and output tokens), 
just as for an FST. The extra expressiveness of simple PTMs is therefore gained 
not from the Turing-computability of the individual transitions, but from the 
unboundedness of the internal state! 

5.3 PTMs vs. LTSs 

There is a well-studied class of transition systems with an infinite set of states, 
known as labeled transition systems (LTSs) [BM]. The transition function of an 
LTS associates with every state a set of possible actions, and specifies a new state 
reached with each action. The actions are assumed to be observable, whereas the 
states are not. LTSs are a standard tool for process modeling [Mil]. Depending 
on the nature of the process being modeled, the actions may represent inputs, 
or outputs, or a combination of both. 

We define a subclass of LTSs that we call effective: 

Definition 5.3. An LTS is effective if each action is a pair of input, output 
tokens, and the transition function for the LTS is Turing-computable; that is, 
there exists a Turing-computable function S which, for any pair (state, input 
token), returns the pair (new state, output token). 

It is easy to see that the class of PTMs is equivalent to the class of effective 
LTSs under trace equivalence semantics, where the tokens in the I/O streams 
of the PTM are the same as the labels along the paths of the corresponding 
effective LTS: 

Proposition 5.3. For any PTM M , there exists an equivalent effective LTS T, 
and vice versa. There, M and T are considered equivalent if L{M) is the same 
as the set of traces for T. 

Proof: This is similar to the FST construction at the beginning of section 5.2. 

□ 

Example 5.1. Figure 2 shows the transitions from some state X of an answering 
machine (example 2.1); the first transition on the figure corresponds to a infinite 
family of transitions, one for each possible instantiation of the input message. 

Though PTMs can be viewed as a special subclass of LTSs, it would be 
misleading to treat them as nothing more than that. We believe that PTMs 
cannot be fully appreciated unless all the models of their behavior are treated 
as incomplete and complementary views of this new device. 
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f^irecord Y, X) = (ok, XY); 
f^iplayback, X) = (X, X); 
f^(erase, X) =of, e) 



Fig. 2. Constructing an LTS for the Answering Machine. 



6 Modeling PTM Behavior by Recursively Defined 
Functions 

We have mentioned in section 3.2 that PTM behaviors can be modeled as a 
recursively defined mapping from input to output streams. In this section, we 
define such a mapping (j)M, for any PTM M . A similar approach can be found 
in [Bro]. 

First, we define two functions over pairs, 1st and 2nd, returning the 1st and 
2nd component of any pair, respectively. We also define three functions over 
streams, head, tail, and append; head(a) returns the first token of a stream a, 
tail(a) returns the rest of the stream (which is also a stream), and append(s, a) 
appends a token s to the beginning of a stream a, returning a new stream. 

Streams are assumed to be infinite; successive invocations of tail continue 
returning new streams. Streams are also assumed to be dynamieally bound: head 
and tail have lazy evaluation semantics. Dynamic binding of inputs and outputs 
is what allows the PTM to be truly interactive: next input is generated only 
after the previous output is produced, allowing the input and output tokens to 
be interdependent. 

Let M be a PTM where /m is the corresponding computable function, /m : 
I X W ^ O X W. If t is the input stream and w is M’s current state, the first 
computational step of M will produce fM(head{i), w). Let o be the first output 
token and w' be M’s new state, they are defined as follows: 

o = lst{fM{head{i), w)); w' = 2nd{fM{head{i), w)) 

We can now define a function frecM which takes an input stream t and a state 
w and returns an output stream; frecM is defined recursively as follows: 

frecM{i', w) = append{o, frecM{tail{b) , w')) 

Though freeM successfully returns the output stream, it takes the state as one 
of its inputs, which is not what we want. The mapping we want, (j)M, is obtained 
by currying M’s initial state wq into frecM- 

for any x, cj)M{x) = frecM{x,wo) 
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This definition of (f>M is based on coinductive principles [BM] , which are more 
expressive than the inductive principles underlying Turing computable function- 
s [JR,WG2]. As a result, <j)M cannot be expressed by any Turing computable 
function. 

Theorem 6.1. For any PTMs Mi and M 2 , £{Mi) = £{M 2 ) ijf (f>Mi = 4>M2- 

Proof: The proof is omitted from this abstract; it makes use of coinductive 
reasoning and coalgebraic methods [BM,JR]. 

7 Environment-Based Approach to PTM Behaviors 

So far, PTM behavior has been defined as an absolute notion. In this section, we 
consider a relative notion of PTM behavior, defined with respect to the PTM’s 
environment. This engenders a different approach to the notion of expressiveness, 
one which looks at behavioral equivalence classes within different environments. 
We believe that this approach will prove more effective for the formalization of 
interactive systems than the absolute one. 

Note: The notion of an environment presented here is similar to that of an 
observer [WG3]. Whereas the same PTM may be observed by multiple observers, 
an environment is assumed to remain the same throughout a PTM’s ’’life” (this 
is not to say that it is constant; rather, it obeys the same set of constraints). 

7.1 Relative Equivalence and Expressiveness 

The input stream of any PTM is generated by its environment. So far, we have 
assumed that all the input streams are feasible. However, this is not a reasonable 
assumption for the context in which interactive systems normally compute. A 
typical environment will have constraints on the input streams or sequences that 
it is capable of generating; it can be assumed that a PTM operating within an 
environment will only receive streams that satisfy the constraints appropriate for 
that environment. The issue of specifying these constraints, and relating them 
to the models for various PTM environments is a worthy research topic which 
is outside the scope of this paper. 

We identify the notion of an environment O with that of the inputs that are 
feasible in O; within a given environment, PTMs that either distinguishable or 
they appear equivalent: 

Definition 7.1. (Environment) Given a class C of computing devices with 
behavior B, an environment O for C is a mapping from elements of C to some 
domain j3o, O : C ^ (do, which is consistent, i.e.: 

for any Mi, M 2 in C, if B{Mi) = B{M 2 ), then 0{Mi) = 0{M2) 

The elements of (do are known as feasible behaviors (within the environment 
O). When 0{Mi) ^ 0{M2), we say that Mi and M 2 are distinguishable in O; 
otherwise, we say that Mi and M 2 appear equivalent in O. □ 
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The consistency of an environment means that equivalent systems will appear 
equivalent in all environments; however, systems that appear equivalent in some 
environments may be distinguishable in others. 

Example 7.1. So far, we have assumed that all input tokens to the answering ma- 
chine A (example 2.1) start with one of three commands (record, playback, 
erase). This is a reasonable assumption in an environment where these com- 
mands are selected by pushing one of three possible buttons. If we choose to 
reject this assumption, the answering machine definition can be extended in 
various ways: 

when an input token does not start with either of the three commands, 
a robust answering machine will ignore it; a non-robust one will erase its 
tape. 

Though these answering machines are not equivalent, they will appear equivalent 
in any environment where only these three commands are feasible. □ 

Equivalence and expressiveness of classes of devices can also be defined rel- 
ative to an environment, in a straightforward fashion: 

Definition 7.2. Given some environment O, a class C 2 of computing devices is 
appears at least as expressive in O as class C\ if, for every device M\ € Ci, there 
exists M 2 G C 2 such that 0{Mi) = 0{M2). C\ and C 2 appear equivalent in O 
if Cl also appears at least as expressive as C 2 in O; otherwise, C 2 is appears 
more expressive in O. 

It is possible that two classes may appear equivalent in some environments, 
but one will be more expressive in a different environment. We will show in this 
section that this is the case for TMs and PTMs, which appear equivalent in 
algorithmic environments but not in richer ones. 

7.2 Finite PTM Environments 

Unlike the absolute notions of PTM behavior (sections 4 through 6), which were 
all based on infinite streams, environments do not have to be infinite. Some 
environments may have a natural limit on their life span (and on the life span 
of any PTM that “resides” there), and thus a bound on the length of input 
sequences that they can generate. We expect the study of finite environments to 
prove particularly important in some of the applications of interactive theory of 
computation, such as for system correctness, where any test of correctness is by 
definition finite. 

Definition 7.3. (Observations and finite PTM environments) Given an 
arbitrary PTM M , any finite prefix of some interaction stream of M (section 2.4) 
is an observation of M ; its length is the number of pairs in it. A mapping 
from PTMs to sets of their observations constitutes a finite PTM environment. 
When a finite environment admits observations of length one only, it is known 
as algorithmic. 




Persistent Turing Machines as a Model of Interactive Computation 



131 



Algorithmic environments are thus finite environments with shortest life span 
possible, where the instantiation of the computing device is for a single interac- 
tion only. This definition of algorithmic environments is consistent with [We2]; 
it reflects the traditional algorithmic view of the nature of computing devices, 
as presented in a typical undergraduate introduction to the theory of computa- 
tion [Sip]. 

If Ml and M 2 are distinguishable in a finite environment O, then 0(Mi) yf 
0{M2), i.e., 0{Mi) 0 0{M2) is not empty. The members of this set are known 
as distinguishability certificates for (Mi, M 2 ): 

Definition 7.4. (Distinguishability Certificates) Distinguishability certifi- 
cates are observations which are feasible in O for one of the machines but not 
the other. 

Though equivalence of two PTMs is intractable and cannot be proven (just 
as for TMs, similar to the halting problem) , non-equivalence can be established 
by finding their distinguishability certificate: 

Proposition 7.1. Any two non-equivalent PTMs are distinguishable by some 
finite-length distinguishability certificate. 

Proof: Let Mi and M 2 be PTMs which are not language-equivalent; i.e., where 
£(Mi) C{M 2 ). W.l.o.g., there must be an interaction stream a G C{Mi) which 

is not in C{M 2 ). There must exist some k such that the prefix of length k of a 
is not a prefix of any stream of C{M 2 ). Let us choose the smallest such k. Then, 
the prefix of length A: of cr is the distinguishability certificate for (Mi, M 2 ). □ 

It follows from definitions that if two PTMs are distinguishable by some 
finite observation, there must be some finite environment where they are distin- 
guishable. For amnesic PTMs, algorithmic environments suffice for this purpose: 



Proposition 7.2. Any two non-equivalent amnesic PTMs (definition 4-3) are 
are distinguishable by a certificate of length one. 

Proof: Let Mi and M 2 be amnesic PTMs which are not language-equivalent; Let 
w be a distinguishability certificate for (Mi, M 2 ), obtained as in proposition 7.1, 
and let (f, o) be the last input /out pair in oj. From the definition of amnesic PTMs 
(definition 4.3), it can be shown that in any environment capable of generating 
the token i, (z, o) will also serve as the distinguishability certificate between Mi 
and M 2 . □ 

Proposition 7.2 asserts that algorithmic environments suffice for distinguish- 
ing between all non-equivalent amnesic PTMs. Since the class of TMs has the 
same expressiveness as the class of amnesic PTMs (proposition 4.1), algorithmic 
environments suffice for distinguishing between all TMs as well. The same does 
not hold for the general class of PTMs; we will show in section 7.3 that there 
exist pairs of PTMs with arbitrarily long distinguishability certificates. 
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7.3 Infinite Expressiveness Hierarchy 

Any environment O for a class of devices C with behavior B induces a parti- 
tioning of C into equivalence classes, where the members of each class appear 
equivalent in O; we call them behavioral equivalence classes. Given a class C 
of computing devices, an environment Oi is said to be richer than O 2 if fewer 
devices in C appear equivalent in it: 

Definition 7.5. An environment 0\ is richer than O 2 if the behavioral equiva- 
lence classes for 0\ are strictly finer than those for O 2 . 

We define an infinite sequence 0 of finite PTM environments, 0 = (Oi , O 2 , • ■ •) > 
as follows: 

Definition 7.6. 0 = (Oi, O 2 , ■ ■ ■), where for any k and any PTM M , Ok{M) 
is the set of M's observations of length < k. 

Ok gives us a relative notion of M’s behavior, with respect to environments that 
can generate at most k input tokens. Oi is an algorithmic environment, with the 
coarsest notion of behavioral equivalence. 

It is easy to see that for any k, Ok is consistent (definition 7.1): for any 
pair of PTMs Mi and M 2 , if B{Mi) = B{M 2 ), then Ofe(Mi) = Ok{M 2 ). It is 
furthermore the case that for the class of PTMs, for any k, Ok+i is richer than 

Ok- 



Proposition 7.3. For any k, Ok+i is richer than Ok- 

Proof: It can be shown that Ok+i{Mi) yf Ofe_|_i(M 2 ) whenever Ofe(Mi) yf 
Ok{M 2 ). We complete the proof by constructing a sequence of PTMs {Mi, M 2 , ■ ■ .) 
such that for any k, Mk and Mk+i appear equivalent to Ok but not to Ok+i- 
These PTMs are binary, with inputs O and 1, and outputs T and F. For any k, 
Mk ignores its inputs, outputting k F’s followed by all T’s. The shortest distin- 
guishability certificate for {Mk, Mk+i) has length A: -I- 1, ending with output T 
is one case, F in another. □ 

Proposition 7.3 shows that the environments in 0 are increasingly richer, 
producing ever finer equivalence classes for PTM behaviors without reaching a 
limit. 

Theorem 7.1. The environments in 0 induce an infinite expressiveness hier- 
archy of PTM behaviors, with TM behaviors at the bottom of the hierarchy. 

Proof: Follows from propositions 7.3 and 7.2. □ 

All the environments in 0 axe finite. In contrast, the absolute models of PTM 
behavior defined in sections 4 through 6 are not finite. The PTM equivalence 
classes induced by the absolute models can be regarded as the limit point for 
the infinite expressiveness hierarchy of Theorem 7.1, though this is outside the 
scope of this paper. 




Persistent Turing Machines as a Model of Interactive Computation 



133 



8 Conclusions 

Persistent Turing Machines (PTMs) are multitape machines with a persistent 
worktape preserved between interactions, whose inputs and outputs are dynam- 
ically generated streams of tokens (strings). They are a minimal extension of 
Turing Machines (TMs) that express interactive behavior. They model services 
over time provided by persistent, object-oriented, or reactive systems that can- 
not be expressed by computable functions. They also provide a natural model 
for single-user databases, where the current database instance is modeled as the 
contents of the persistent worktape. 



8.1 Discussion 

We have shown how models of computation for PTMs, just as models of com- 
putation for TMs, can be equivalently expressed by languages, automata, and 
function-based models. Whereas models of computation for TMs are string- 
based, models for PTMs are based on input-output streams. An environment- 
based model of behavior was also defined for PTMs; there has been no analog 
of this notion for TMs, whose environment is always algorithmic. These four 
models of behavior were used to obtain several expressiveness results, both for 
the general class of PTMs and for a number of special subclasses. 

PTMs are sequential interaction machines (SIMS) which inherit from TMs 
the restriction that input tokens must be discrete, and that any model of be- 
havior must ignore time-depended aspects. They are therefore inappropriate for 
modeling some real-time and embedded devices or physical control processes, 
whose expressiveness requires the full generality of SIMs. Furthermore, there 
are multi-stream interactive behaviors, such as distributed database systems or 
airline reservation systems, which cannot be modeled by SIMs at all, requiring 
a model with even more expressiveness - MIMs [WG2,WG3]. Despite these re- 
strictions, both TMs and PTMs are robust computational abstractions which 
serve as a foundation for formal study of algorithmic and sequential interactive 
computation, respectively. 

We expect that PTM-based models of computation can be generalized to 
model all sequential computation. We believe that a proper formalization of the 
notion of a PTM environment will be an important part of this effort. Though 
there is no ’’Silver Bullet” in the absolute sense, the problems of correctness 
testing and verification for interactive software systems may prove tractable - 
once we are willing to assume reasonable constraints on the system’s environ- 
ment. This is analogous to the role of pre- and post- conditions in algorithmic 
correctness proofs. 

We also expect that single- and multi- agent computation can be modeled 
within a single formalism. The methods and tools for formalizing PTM compu- 
tation developed in this paper will serve as a basis for a more comprehensive 
theory of interactive computation over these models. The resulting formalization 
of interactive computation is expected to be useful in providing a unifying con- 
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ceptual framework for many areas of Computer Science where the algorithmic 
model of computation is not sufficient. 



8.2 Directions for Future Research 

It will take much research to achieve the vision outlined above; here, we focus 
on some immediate extensions of current work. 

Interaction and Non-determinism: In this work, it has been assumed 
that PTMs are deterministic. Abandoning this assumption will mean providing 
appropriate models for non-deterministic PTM behavior, with corresponding 
notions of equivalence. We expect that this will yield many surprises; for ex- 
ample, whereas language-based and automata-based notions of equivalence are 
the same for deterministic systems, this is not the case for non-deterministic 
systems. Also, for automata-based models, we expect that choosing whether to 
associate outputs with transitions (Mealy-style) or with states (Mealy-style) has 
interesting consequences for non-deterministic PTMs that are not present in the 
deterministic case. 

Minimal PTMs: The Myhill-Nerode theorem has been applied to derive 
the notion of minimal PSAs, where all equivalent states are reduced to one. An 
analogous notion of minimality can be defined for PTMs, so there is exactly one 
state for each equivalence class over the set of I/O stream prefixes. We believe 
there is an alternate characterization of such a minimal PTM, in terms of final 
coalgebras [WG2]; this connection between traditional automata theory and the 
new field of coalgebras is worth exploring. 

Complexity Issues: A theory of interactive computation would not be 

complete without notions of complexity. Traditionally, complexity is measured 
in terms of input size; this approach does not suffice for PTMs, where the com- 
putations depends on the state as well, and indirectly, on the whole interaction 
history (section 2.4). In database theory, the notion of data complexity is used 
instead, where the size of the input is assumed insignificant and only the size of 
the data (i.e., the PTM state) is considered. The theory of interactive computa- 
tion will need to integrate both approaches in a coherent and rigorous fashion. It 
is expected that some techniques will be borrowed from the theory of interactive 
proof systems [Gol] . 
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Abstract. Cardinality constraints as well as key dependencies and func- 
tional dependencies are among the most popular classes of constraints in 
database models. While the formal properties of each of the constraint 
classes are now well understood, little is known about their interaction. 
The objective of this paper is to discuss how constraints from these 
classes go together. We propose methods for reasoning about a set of 
cardinality constraints, key and certain functional dependencies. More- 
over, we construct Armstrong databases for these constraints, which are 
of special interest for example-based deduction in database design. 



1 Introduction 

It is widely accepted now that database systems are best designed first at a con- 
ceptual level. The result of this process is a conceptual schema which describes 
the requirements that the desired database system must achieve, and serves as 
the basis for the following development phases. In conceptual design great at- 
tention is devoted to the modeling of semantics. Integrity constraints specify the 
way by that the elements of a database are associated to each other. Defining 
and enforcing integrity constraints helps to guarantee system correctness. 

During the last few decades, the area of integrity constraints has attracted con- 
siderable research interest. A large amount of different constraint classes has been 
discussed in the literature and actually used in database design. However, their 
mathematical rigour often entails complex semantics, and consequently handling 
them in a proper manner requires a good knowledge about their backgrounds. 
For an overview on semantics in databases, see e.g. [15,17,18]. 

The entity-relationship approach to conceptual database design, first introduced 
by Chen [4], provides a simple way of representing data in the form of entities 
and relationships among entities. In this approach, cardinality constraints are 
among the most popular classes of integrity constraints. They impose lower and 
upper bounds on the number of relationships an entity of a given type may be 
involved in. For cardinality constraints and generalizations, see [14,20]. 

Once declared, a conceptual schema can be mapped in an automatic way to a 
variety of implementation targets such as a relational database. The relational 
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database model, which goes back to Codd [5], has a strong theoretical back- 
ground which can be reused in most other database models. Extended entity- 
relationship models support all the major concepts of the relational model. For 
details and further discussion, we refer to [19]. 

Codd [5] also introduced functional dependencies, which are to be considered as 
one of the major concepts of the relational model. In particular, normalization 
theory up to BCNF is based on the idea of functional dependency. Among func- 
tional dependencies, key dependencies are of utmost interest. They are used to 
identify the tuples in a relation. 

Several authors extended functional dependencies to other database models such 
as object-based databases or temporal databases, see [19,22,23]. It is reasonable 
to ask how the extensions affect other constructs within these models. As pointed 
out in [19], results obtained from relational database theory can also be used in 
the entity-relationship model. This is of interest since the entity-relationship 
model is not only popular as an intuitive tool for conceptual design, but it 
becomes more and more prevalent as a mathematical data model upon which 
real database management systems are built. 

While each constraint class mentioned above is now quite well understood, 
we know little about their interaction. However, in practice the designer of a 
database will be confronted with the presence of constraints of either class. In 
order to ensure the correctness of a schema, the designer has (among others) 
to check the satisfiability of the specified constraint set. Unfortunately, efficien- 
t algorithms for consistency and implication checking are still missing for this 
situation. It should be noted that reasoning about a constraint set containing 
constraints from different classes happens to be significantly harder than han- 
dling the classes separately. It is well-known that constraints from the classes 
under consideration interact with each other. For example, key dependencies 
can be used to express certain cardinality constraints, and vice versa. These 
interactions may cause a database schema to exhibit undesirable properties. 

The objective of this paper is to discuss possible interactions between cardinality 
constraints and key or functional dependencies. In particular, we present meth- 
ods for reasoning about a set of cardinality constraints, key dependencies and 
certain functional dependencies, namely non-unary functional dependencies. 

This paper is organized as follows. In Section 2, we briefly describe the data 
model to be used. All our considerations are carried out in the higher-order en- 
tity relationship model (HERM, see [19]) which extends the original approach 
by Chen. In Section 3, we give a formal definition of the constraints mentioned 
above. Moreover, the consistency and the implication problem for constraint 
classes are addressed. Section 4 collects some known results about cardinality 
constraints to be used in further investigations. Section 5 is devoted to the con- 
sistency problem. Section 6 to the implication problem. In Section 7 we discuss 
some problems concerning unary functional dependencies. Due to the lack of 
space, proofs are omitted or sketched only. The proofs of the major theorems 
are given in the final section. 
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2 The Data Model 

This section briefly describes the basic concepts of the entity-relationship ap- 
proach. We concentrate ourselves on a characteristic subset of design constructs 
to be used below. 

Let S be a non-empty, finite set. In the context of our approach, the elements 
of E are called entity types. With each entity type e we associate a flnite set 
e* called the domain or population of the type e (at moment t). The members 
of e* are entity instances or entities, for short. Intuitively, entities can be seen 
as real-world objects which are of interest for some application or purpose. By 
classifying them and specifying their significant properties (attributes), we obtain 
entity types which are frequently used to model the objects in their domains. 

A relationship type r is a set (or sequence) {e_i, . . . ,ej,} of elements from 
Relationship types are used to model associations between real-world objects, 
i.e. entities. A relationship or instance of type r is a tuple from the cartesian 
product ej X . . . X where ej , . . . , are the domains of , . . . , 6 )^, respectively, 
at moment t. A flnite set r* of such relationships forms the population of r at 
moment t. 

The relationship types considered so far are often called relationship types of 
order 1 (cf. [19]). Analogously, relationship types of higher order may be defined 
hierarchically. Suppose now, we are given entity and/or relationship types of 
order less then f > 0. A set . . . ,Ufc} of them forms a relationship type r of 
order i. As above, we define relationships of type r as tuples from the cartesian 
product wj X ... X for a moment t. 

In a relationship type r = ... ,U)^} each of the entity or relationship types 

Ui, . . . ,Uy. is said to be a component type of r. Additionally, each of the pairs 
{ZilLj) is called a link. 

Let 5 = {r_i, ■ • ■ ,£„} bo ^ set of entity and relationship types where with each 
relationship type r, all its component types belong to S_, too. Then S_ is called a 
database scheme. Replacing each type r in 5 by its population r* at moment t, 
we obtain a database or instance 5* of S[. 

A database 5* is flnite if each of the populations r* is flnite. In this paper, we are 
only interested in flnite databases. Furthermore, a database is fully-populated 
iff none of the populations rf is empty. 

From the graph-theoretical point of view, a database scheme S_ can be considered 
as a flnite digraph £933 = (S[, £) with vertex set ^ and a collection £ of arcs. 
In £9l!D there shall be an arc from r to m whenever u is a component type 
of the relationship type r. Hence, the arcs in are just the links in the 

database scheme. The digraph £9l!D is known as the entity-relationship diagram 
of 5. Usually, the entity types are represented graphically by rectangles, the 
relationship types by diamonds. Using the diagram technique, even complex 
schemes can be understood and handled. 
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3 Integrity Constraints 

In this section, we give formal definitions of the constraints to be studied in the 
sequel. Assume, we are given a database schema ^ together with an instance 
Let r be a relationship type in 5 with population r*. If A C r and if r C r*, then 
we denote the restriction of r to A by r [A]. 

A min- cardinality constraint is a statement cmin{r,i^ = a where u is a compo- 
nent type of r. The population r* satisfies this constraint if every instance u of 
u occurs at least a times in relationships r G . 

Analogously, a max- cardinality constraint is a statement cmax{r,u) = b where 
M is a component type of u. The constraint holds in r* iff every instance u of 
type u appears at most b times in relationships of type r. 

Cardinality constraints are usually reflected graphically in the entity-relationship 
diagram as {cmin, cmax)-lahels associated to the corresponding links. If no 
min- or max-cardinality constraint is given for a link (r , u) , we may assume 
cmin{r,u) = 0 and cmax{r,u) = oo, respectively. It is easy to see that this does 
not represent a real constraint, but is more or less a technical agreement. 




Fig. 1. An entity-relationship diagram with labels for the cardinality constraints. 



A subset A C r is a key for r iff the restrictions r[A], r G r*, are pairwise 
distinct. If A is a key for r, then the population r* satisfies the key dependency 
r: X ^ r. 

Finally, a functional dependency is a statement r : A — > A where both, A 
and Y are subsets of r. The population rf satisfies the functional dependency 
r : A ^ A iff we have ri[A] = T 2 [A] whenever ri[A] = T 2 [A] holds for any two 
relationships r\ and V 2 in r*. A functional dependency is said to be unary if A 
contains a single component type from r, and non-unary otherwise. 

Example. Below we give a small example to provide some motivation for the 
issues we are going to tackle. Consider a part of a university database schema 
involving the entity types PROFESSOR, Assistant, Course, Building, Lec- 
ture Hall and Date. On this set we define a relationship type Lecture re- 
flecting assignments of professors and their assistants to courses in combination 
with the dates and locations they take place at. Figure 2 shows the corresponding 
diagram. 
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In this schema, constraints have to be defined to meet the requirements of the 
university schedule. Let us consider some examples. The cardinality constraints 
cTOm(LECTURE, Professor) = 3 and cmoa:( Lecture, Professor) = 6 s- 
tate that every professor will give 3 to 6 lectures per term. If every professor 
has only one assistant per course, then the non-unary functional dependen- 
cy Lecture;{Professor, Course} ^ {Assistant} holds. Since every lecture 
hall is situated in only one building, we also have the unary functional dependen- 
cy Lecture; {Lecture Hall} ^ {Building}. Moreover, the key dependency 
Lecture; {Course, Date} ^Lecture tells us there is only one lecture for 
every course per day. Other constraints may be defined due to the schedule of 
the university or deduced from the ones explicitly stated. The questions we deal 
with are whether such a set of constraints is conflict-free, and which additional 
constraints may be deduced without being explicitly stated. 




Fig. 2. Entity-relationship diagram for our example. 



Let C,/C and T denote the classes of all possible cardinality constraints, key 
dependencies or functional dependencies, respectively. In the sequel, if we refer 
to a constraint, we always mean one from these classes. 

A database instance ^ satisfies a given constraint cr iff ct holds for the corre- 
sponding population r* in ^ . Moreover, r* and 5* satisfy a set S of constraints 
iff r* and 5*, respectively, satisfy each of the constraints in S. 

Let A be a constraint set defined on the database schema S_. Every database 
instance satisfying all the constraints in S is said to be legal for S. Conse- 
quently, S is said to be satisfiahle if it admits at least one legal database instance. 
Again it should be noted that we only pay attention to finite databases. 

As pointed out in [13], it is usually not enough to consider satisfiability. Obvious- 
ly, the empty database is legal for every set of cardinality constraints. However 
it may happen that there is a type in S_ without instances in any legal database. 
Examples are given in [13]. For practical reasons, we ask for fully-populated legal 
databases. A constraint set S admitting such a database is said to be consisten- 
t. A fully-populated legal database for S will also be called a sample database. 
Sample databases, especially the later described Armstrong databases, can be 
used for database mining and design- by-example. 
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The consistency problem for a constraint class Z is to decide whether a given set 
S Z Z \s consistent or not. For cardinality constraints, the consistency problem 
has been considered by several authors, e.g. [10,13,20]. It is well-known, that 
there exist inconsistent sets of cardinality constraints. On the other hand, sets 
of key or functional dependencies are always consistent. However, the situation 
may change dramatically if they come together with cardinality constraints. 

Example. Consider the schema given in Figure 1. The specified set of cardinality 
constraints is consistent. Now add a key dependency Z 2 : {£ 2 } — > 2 : 2 . It is easy 
to check, that the resulting constraint set happens to be inconsistent, and the 
empty database is the only legal one. A further example for this observation is 
given in Section 7. 

If A is a constraint set and a a single constraint, then S implies a (denoted by 
E \= a) ii every legal database for E satisfies cr, too. Conversely, E a holds, 
if there is a legal database (a certificate) for E violating cr. 

The implication problem for a constraint class Z is to decide whether a given 
set E C Z implies a € Z or not. A constraint set E is semantically closed in Z 
if cr e A whenever E \= a holds. We denote the closure of a constraint set E by 
Cz{E). The determination of the closed sets in a constraint class is of special 
interest. Clearly, E \= a holds iff cr is in the closure of E. Hence the detection of 
the closed sets in a constraint class Z completely solves the implication problem 
for Z. Moreover, it enables us to decide whether constraint sets are equivalent. 
Database designers usually look for equivalent constraint sets which are better 
for control and maintenance in real life databases. 

It is often argued, that the consistency problem and the implication problem 
are two sides of the same coin (e.g. [21]). Checking implication can be done by 
adding the negation of cr to A and testing the resulting set. Conversely, checking 
inconsistency can be done by testing implication of an unsatisfiable constraint. 
However, this is only half of the truth. In general, the negation of a constraint 
from a class Z is not in Z again. For example, the negation of a cardinality 
constraint is an existence constraint, the negation of a functional dependency is 
an afunctional constraint. 

Usually, it is easier to solve the consistency problem than the implication prob- 
lem, at least for real life constraints. It the remaining sections we shall always 
start tackling consistency before discussing implication. 

Finally, we shall introduce the notions of Armstrong populations and Armstrong 
databases. Informally, Armstrong databases are sample databases capturing all 
implications of a constraint set A in Z. Recall, that if E ^ a there is a legal 
database for A violating cr. We call it a certificate for a. However, there is no 
a priori guarantee that there exists a single database serving as a certificate for 
all constraints a G Z not implied by A. 

An Armstrong population for A (with respect to a constraint class Z) is a pop- 
ulation r* of r satisfying all constraints from A, but violating every constraint 
cr G Z defined on r with E a. Analogously, an Armstrong database for A (with 
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respect to Z) is a legal database ^ such that a G Z holds iff Z |= ct. Obviously, 
in an Armstrong database all populations are Armstrong populations. 

In order to test whether a constraint follows from an initial set S we may test 
whether it holds in the Armstrong database and decide accordingly. Thus, the 
implication problem reduces to verification in a single example. The concept of 
Armstrong databases is closely connected to database mining, i.e. the use of 
given databases for the extraction of constraints. This is an important tool for 
design-by-example as suggested by Mannila and Raiha [16]. 

In Section 6, we shall consider Armstrong databases for sets of cardinality con- 
straints, key and functional dependencies. We shall use them in particular, to 
prove certain constraint sets to be semantically closed. 



4 Reasoning About Cardinality Constraints 

In this section, we shall assemble some terminology and known results concerning 
cardinality constraints which will be required in the sequel. Throughout, let <2 
be a database schema and Sc a set of cardinality constraints defined on 2. We 
start with the following trivial observation. 

Lemma 1 For every link (r, u) in 2 we have 

cmin{r,u) = 0 and cmax{r,u) = oo, (1) 

cmin{r, u) = a implies cmin{r, u) = a' for all a' < a, (2) 

cmax{r,u) = b implies cmax{r,u) = b' for all b' > b. (3) 

The constraints given by (1) are said to be trivial. Put 

C({Lj1L) = rnaxja : {cmin{r, u) = a) G A} 

P{Li1L) = rnin{6 : {cmax{p,u} = b) G A}. 

Hence, the sharpest constraints explicitly stated in Ac for a link (r , u) are given 
by cx{r,u) and P{r,u). The following claim gives a first result concerning the 
consistency of Ac. 

Lemma 2 Ac is consistent iff there is a function g:S[^N={l,2,...} such 
that 

a{r,u) < < !3{r,u) (4) 

gyu) 

holds for every link (r , u) . 

Given such a function g, it is possible to construct a sample database 2* for Ac 
where the population rf has size g{r) for every type r in S_. The main problem 
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is to find a suitable function g. In [10], we used shortest-path methods in certain 
digraphs for this purpose. 

Let S = {S_,C U C~^) be the symmetric digraph which we obtain from the 
entity-relationship diagram (£942) = (S_,£) by adding to each link L = (r,u) 
the reverse arc L~^ = {u,r). On the arcs of 2) we define a weight function 
w : CU C~^ — > Q U {oo} by 

(T\ 1 ^ ifa(r,u) = 0, , 

= ^ ^r, • )=/3(r,u), (5) 

ll/a(r, u) otherwise, 

where L is the original link (r,u) G C and L~^ is its reverse. 




Fig. 3. The digraph 2) corresponding to the diagram in Figure 1. 



This weight function can be extended to subdigraphs 2)' of 2) by w(2)') = 
Y\l&A' ^(^)> where C L U L~^ is the collection of arcs in 2)'. 

Special interest is devoted to directed cycles in 2). A directed cycle 3 is said to 
be critical if its weight w(3) is less than 1, and subcritical if its weight equals 1. 

The following result was proved by Lenzerini and Nobili [13] and Thalheim [19]. 
In [10] a polynomial-time algorithm is proposed to construct sample databases 
or to detect critical cycles using shortest-path methods (namely a variation of 
the well-known Bellman-Ford algorithm) . Hence, the question whether a set Sc 
of cardinality constraints is consistent or not can be decided in polynomial time. 

Lemma 3 Sc is consistent iff the digraph 2) has no critical cycles. 

The implication problem for cardinality constraints was solved in [11]. The main 
observation is the following. 

Lemma 4 Let Sc he eonsistent, and (r,u) be a link in S_. Then Sc implies 
cmax{r,u) = a{r,u) iff the link (r,u) lies on a suheritical cycle in 2), and 
cmin{r,u) = (3{r,u) iff the reverse arc (u,r) lies on a suheritical cycle in 2). 

In [11], we called Sc strongly consistent iff it is consistent and a{r,u) = P{r,u) 
holds whenever link (r , u) or its reverse arc (m, r) lie on a subcritical cycle. 
Moreover, we proved the following characterization of closed sets of cardinality 
constraints. 
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Lemma 5 Let Sc be consistent. Then Sq is closed in C iff it is strongly con- 
sistent and contains all constraints obtained by Lemma 1. 

This solves the implication problem for consistent sets in C. Of course, one can 
also consider inconsistent sets. However, this seems to be of academic use only, 
and will be omitted here due to space limitations. In [11], we also provided 
polynomial-time algorithms to detect arcs on subcritical cycles, such that the 
implication problem for C can be solved efficiently. 

In order to prove a set Sc in C to be closed, we constructed Armstrong databases. 

Lemma 6 A consistent set Sc admits an Armstrong database (with respect to 
C) iff it implies a non-trivial max- cardinality constraint for every link in 5. 

Assume, there is a link (r, m) such that cmax{r, m) = oo is the only max- 
cardinality constraint for this link obtained from Sc- Then, for every integer 
b, there must be an instance u of type u participating in more than b relation- 
ships in an Armstrong population of r. Hence, the resulting database would be 
infinite. Since we restricted ourselves to finite databases, there will not be an 
Armstrong database for this case. 

However, if we fix b, then there exists a sample database with an instance u 
involved in more than b relationships of type r for every link (r, u) without 
a nontrivial max-cardinality constraint. Taking such a database for every 6, we 
obtain a sequence of sample databases which we shall call an Armstrong sequence. 
Due to [11], every consistent set Sc admits at least an Armstrong sequence of 
sample databases (with respect to C). 



5 The Consistency Problem 

Sets of key and functional dependencies are always consistent. But as seen in the 
example of Figure 1, this is not longer true if we are given cardinality constraints, 
too. The reason for this is the following simple observation (see also [20]). 

Lemma 7 The key dependency r : {u} ^ r implies cmax{r,u) = 1, and vice 
versa. 

Throughout, let 5 be a database schema, and Sc, Sk and Sp denote sets of car- 
dinality constraints, key dependencies and functional dependencies, respectively, 
defined on S_. 

It is noteworthy, that Lemma 7 contains the only nontrivial interaction between 
cardinality constraints and key dependencies. Let S^ = {cmax{r,u) = 1 : 
(r : {u} —>■ r) G Sp} contain all cardinality constraints obtained from key 
dependencies in Sp via Lemma 7. 
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Theorem 8 Let S = Sc U Sk ■ Then S is consistent iff Sq U S'^ is consistent. 

The proof of this claim uses structures from combinatorial design theory, namely 
resolvable transversal designs. For details on transversal designs, we refer to [12]. 
The proof of the theorem is given in Section 9. 

Example. Theorem 8 shows why the cardinality constraints given in Figure 1 
together with the key dependency Z 2 • {£ 2 } ^ £2 longer consistent. 

Here S^ contains the additional max-cardinality constraint cmax{z 2 ^ S. 2 ) = 1- 
This leads to a modification of the weight function w defined by (5) as shown in 
Figure 4. It is easy to check that the cycle (e 2 ,r 2 >£i)£i) weight 1/2, i.e. is 
critical. 




Fig. 4. The digraph representing an additional key dependency. 



The consistency of Sc U S'^ may be checked in polynomial time as proposed 
in Section 4. In particular, a consistent set of cardinality constraints together 
with a set of non-unary key dependencies will always be consistent. The same 
observation holds for functional dependencies. We will state this in a slightly 
stronger version as follows. 

Theorem 9 Let S = Sc U Sk U Sp, and assume that all functional dependen- 
cies in Sp are trivial, non-unary or implied by key dependencies in Sp. Then 
S is consistent iff Sc U S^ is consistent. 

Unfortunately, this claim does not hold for arbitrary sets of functional depen- 
dencies as shown in Section 7. 



6 The Implication Problem 



We start with some known results on the implication problem for key and func- 
tional dependencies, and then use those to obtain generalizations in the presence 
of cardinality constraints. Delobel and Casey [6] gave a set of inference rules for 
functional dependencies, which Armstrong [1] proved to be complete. We record 
these rules for future reference. 
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Lemma 10 Letr_ he a relationship type, and X,Y, Z be subsets of its component 
types. Then 



r : A 


— > Y holds whenever Y C X, 


(6) 


r : A 


Y and r:Y^Z imply r: X ^ Z, 


(7) 


r : A 


Y implies r:AUZ— 


(8) 


For key dependencies, we may conclude the following rules. 
Lemma 11 Let r be a relationship type, and X,Y be subsets 


of its component 


types. Then we have r : 
r : A - 


r — > r and 

r implies r:Y^r whenever ACT. 


(9) 



According to Armstrong [1], the rules given in Lemma 10 and 11 are correct 
and complete. Hence, Sp {Sp) is closed in T (/C) iff it contains all constraints 
obtained by applying Lemma 10 (11, respectively). 

Constraints obtained by (6) are said to be trivial. The Armstrong rules gave rise 
to a considerable number of papers concerning applications, consequences and 
alternate rules. For a discussion, see [18]. In [1,2], one finds methods for con- 
structing Armstrong databases for functional dependencies. Attention to combi- 
natorial properties of functional dependencies has been drawn e.g. in [7,8]. 

As pointed out by Demetrovics and Thi [8], functional dependencies can be 
represented by closure operations. For a relationship type r and any subset 
A C r, we put 

cl{X) = {m G r : Sp ]= (A ^ {m})}- 

This induces a closure operation on the subsets of r. We call A functionally 
closed (with respect to Sp) if cl{X) = A holds. Conversely, for every closure 
operation cl on r, the set 

Sp = {{r: X ^Y) :Y C d(A)} 

is semantically closed in the class T of functional dependencies. 

To continue with, we shall introduce some graph-theoretical notions which turn 
out to be useful in the future. Assume, we are given a database instance 5* 
of S_. For every link (r, m) we consider a graph &*{r,u) whose vertices are the 
relationships in r*. Two distinct relationships ri and V 2 are connected by an edge 
in <3*{r,u) iff ri[u] = r 2 [w] holds. 

Obviously, 0‘(r, u) is a collection of vertex-disjoint, complete subgraphs (each 
of them corresponding to exactly one instance u of type u). We call 
the representation graph of the link (r, u) (with respect to the given database 
instance 5*). Moreover, let 0‘(r, A) denote the intersection of the representation 
graphs 0*(r, m), m G A, for any subset A of r. 

Representation graphs give us useful information on the constraints hold in Sf . 
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Lemma 12 A database instance 5* satisfies 

cmin{r,u) = a iff all components of&*{r,u) have at least a vertices, 
cmax{r,u) = b iff all components of&*{r,u) have at most b vertices, 
r : X ^ r iff (3* {r, X) is edgeless, 
r:X^Y iff 3^{r,X) is a subgraph of 3*{r,Y). 

Here components mean maximal connected subgraphs, which should not be con- 
fused with the component types of relationship types. With the help of repre- 
sentation graphs, we obtain 

Theorem 13 Let Sc be consistent. Sc U Sk is closed inCUlC iff Sc is closed 
in C, Sk is closed in K. and we have 

{{r,u) : {cmax{r,u) = 1) G Sc} = {(zi,u) : (r : u ^ r) G Sk}- (10) 

Condition (10) ensures that all implications obtained by Lemma 7 are considered. 
A key dependency r: X ^ r forces A to be a key for r. Conversely, A is a non- 
key, if it is not a key. A non-key A is said to be an antikey, if every proper 
superset of A is a key. 

To prove Theorem 13 we have, among others, to construct representation graphs 
©*(r, m), such that the intersection graph ©*(r. A) contains at least one edge for 
every non-key A C r. This proves A ^ (r : A ^ r). Actually, it is sufficient to 
consider antikeys, as every non-key A admits an antikey Y such that ACT, 

i.e. &*(r,Y) is a subgraph of ©*(r. A). 

As a result, we obtain Armstrong populations for S with respect to /C. Mixing 
them with an appropriate Armstrong database (Armstrong sequence, respective- 
ly) for S with respect to C, we obtain the same with respect to C U /C. The main 
tool of our proof is the following theorem due to Hajnal and Szemeredi [9] . 

Theorem 14 Let Sj be a graph with m = ts vertices and maximum valency less 
than t, then there exists a vertex decomposition of into t sets of s pairwise 
non-adjacent vertices. 

Details on our proof will be given in Section 9. Theorem 13 gives us an efficient 
way to decide implication in C U /C. 

Algorithm 15 Given Sc and Sk, proceed as follows: 

1. Determine S^ by applying Lemma 1 to Sk. 

2. Determine the closure of Sc U in C as proposed in Section 4- 

3. Determine S^ by applying Lemma 7 to the closure Cc{Sc U A^). 

4 . Determine the closure of Sk U Sq in 1C as proposed by Lemma 11. 

5. Cc{Sc U A^) U Ck{Sk U A^) gives the closure of Sc U Sk in CU K.. 
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Using similar methods, we are able to obtain results on cardinality constraints 
and functional dependencies. 

Theorem 16 Let Sc be eonsistent and Sp eontain non-unary functional de- 
pendencies only. Sc U Sp is closed in C U IF iff Sc is closed in C and Sp is 
closed in T . 

This time we have to construct representation graphs &*(r_,u) such that for every 
functionally closed set X C r, there is a pair of relationships ri_x and T 2 ,x of 
type r connected by an edge in 0*(r, X), but not in any of the representation 
graphs ©*(r, m), X. 

Finally, as a corollary, we obtain the next result. 

Corollary 17 Let Sc be consistent and Sp contain non-unary functional de- 
pendencies only. Sc U Sp U Sp is closed in CU 1C U if iff Sc U Sp is closed in 
C U /C and Sp U Sp is closed in 1C U if. 

7 Unary Functional Dependencies 

Until now, we usually excluded unary functional dependencies. In this section 
we shall give a brief impression why these dependencies play a special role in the 
presence of cardinality constraints. However, it is noteworthy that a set Sc of 
cardinality constraints will never imply a functional dependency different from 
those obtained by Lemma 7. 

Lemma 18 Let r be a relationship type, and u, v be component types of r. Sc 
implies a functional dependency r : {u} ^ {u} iff it implies cmax{r,u) = 1. 

Conversely, if we are given cardinality constraints and functional dependencies, 
then one may conclude further implications. 

Example. Consider the schemata in Figure 5. The specified sets of cardinality 
constraints are both consistent. Assume, we are given the functional dependency 
r : {u} ^ {u}, too. In every legal database instance, the representation graph 
&*{r,u) has to be a subgraph of ©*(r,u). 

For the first schema, the components of 0* (r , u) are complete graphs on 4 to 6 
vertices, while the components of 0*(r, u) are complete graphs on 5 to 7 vertices. 
The only possible decomposition of components of 0‘(r, v) into those of 0‘(r, u) 
is the trivial one. Hence, both representation graphs are isomorphic. This gives us 
the new constraints r : {u} ^ {m} as well as cmin{r,u) = 5 and cmax{r,v) = 6. 

For the second schema in Figure 5, the situation is even worse. A similar argu- 
mentation shows the specified set of constraints to be inconsistent. 

The following result summarizes the observations indicated by the examples. A 
rigorous exploitation of the argumentation gives further results, which we skip 
out here due to space limitations. 
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Fig. 5. Examples for interactions with a functional dependency r : {m} ^ {u}. 



Lemma 19 Let rbe a relationship type, and u,v be component types ofr. Then 

cmax{r,v) = b and r : {u} ^ {u} imply cmax{r, u) = b, 

cmin{r,u) = a and r : {u} ^ {n} imply cmin{r,v) = a, 

cmax{r,v) = b,cmin{r,u) = a and r : {u} ^ {u} imply r : {n} ^ {m} 

whenever b < 2a. 

An interesting idea to handle unary functional dependencies was given by 
Biskup et al. [3]. They use these constraints to decompose relationship types 
by pivoting. In our example from Section 3, the unary functional dependency 
Lecture: {Lecture Hall} ^ {Building} may be used for this approach. As 
a result we would obtain the diagram in Figure 6. Here this functional depen- 
dency is naturally enforced by the structure of the schema. 




Fig. 6. Entity-relationship diagram after decomposition by pivoting. 



Decomposition by pivoting is closely related to decomposition into BCNF. A 
relationship type r is in Boyce-Codd Normal Form (BCNF) with respect to Ep 
if every functional dependency r : A ^ F in Sp is trivial (i.e. Y C X), or X is 
a key for r. Applying Theorem 9 and Corollary 17, we may conclude as follows. 

Theorem 20 Assume every relationship type r is in BCNF. Then S = Ec U 
Ek U Ep is consistent iff Eq U E^ is consistent. In addition, E is closed in 
C U /C U A iff Ec U Ep is closed in C U K. and Ep U Ep is closed in K.U T. 
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Recall, that closures in C U /C and in /C U IF can be determined applying Algo- 
rithm 15 and the Armstrong rules, respectively. This gives us an efficient proce- 
dure to check implication under the assumption of BCNF. 



8 Conclusions 

In this paper, we provided an efficient method for reasoning about a constraint 
set comprising cardinality constraints as well as key and functional dependencies. 
Reasoning means checking consistency and logical implication. Today, cardinal- 
ity constraints are embedded in most CASE tools, which are usually based on 
the entity-relationship model. Although these tools include basic reasoning me- 
thods, they do not offer intelligent consistency checking routines for constraint 
set containing not only functional dependencies, but also cardinality constraints. 
Applying the ideas presented in this paper, it would be possible to derive inter- 
esting properties of schemata, or to detect conflicts among the constraints under 
discussion. 

There are at least two problems which should be investigated in future. In the 
last section, we gave examples for interactions between cardinality constraints 
and unary functional dependencies. It would be nice to have a characterization of 
semantically closed sets in the presence of unary dependencies without additional 
assumptions such as BCNF. 

The second problem concerns Armstrong databases. The Armstrong databases 
constructed to prove Theorem 13 are extremely large. In order to use Armstrong 
databases for database mining, they have to be of reasonable size. Thus we 
are looking for small databases as done in [7] for functional dependencies only. 
For cardinality constraints, a similar problem is considered in [11]. It would be 
interesting to decide, whether there exists a sample database where the size of 
every population is bounded by a given integer. Unfortunately, it is still unknown 
whether this problem is NP-complete or not. A solution of this question would 
give us new information on the size of Armstrong databases. 



9 Proofs of the Main Results 

In this section, we shall give proofs for the Theorems 8 and 13. 

To begin with, we introduce some notation. A transversal design TD{k,q) is a 
set of tuples from {!,... , such that any two tuples agree in at most one 
entry. A subset of q pairwise disjoint tuples is said to be a resolution class. The 
transversal design is resolvable if it is decomposable into q resolution classes. 
Resolvable transversal designs are known to exist for fixed k and sufficiently 
large q. In particular, they exist for every prime power q > k. 

Proof ( of Theorem 8). The necessity is trivial, so we continue with the sufficiency. 
Since Sq U is consistent, there exists a sample database 5*. Denote the 




Interactions of Cardinality Constraints and Functional Dependencies 151 



number of instances of every type r by g{r). We choose a prime power q larger 
than each of the integers g{r), and larger than n, the number of types in S_. 
From 5* we shall construct a new database where every type r has qg{r) 
instances. 

Let e be an entity type. For every old instance e, we introduce q new instances 
(e, 1), . . . , (e, q). Next, let r be a relationship type with k component types. Due 
to our choice of q, there is a resolvable transversal design TD{k,q). For every 
old instance r of r, fix an own resolution class in the transversal design. Let 
r = (mi, . . . , Uk) be an old instance of r, and (ti, . . . ,ik) a tuple in the associ- 
ated resolution class. Then we introduce a new instance ((ui,zi), . . . , (uk,ik))- 
Doing the same for every old relationship and every tuple in the corresponding 
resolution class, we obtain a new population r** for r with exactly qg{r) in- 
stances. We apply the same procedure hierarchically to every relationship type 
in 5. 

Obviously, every new instance (u, i) of a component type from r participates in 
the same number of new relationships as the old instance u did in old relation- 
ships. Hence, the new database 5** is again a sample database for Sc U S^. 
It is easy to check, that any two new relationships of a certain type r share at 
most one entry. Therefore 5'* satisfies every key dependency in Sk, too. □ 

The same construction also indicates a proof for Theorem 9. 

We now turn to Theorem 13. Its proof requires some preliminary observations. 
Let Sc be a consistent and closed set of cardinality constraints. According to 
Lemma 5, Sc is strongly consistent. In [11], we gave the following characteriza- 
tion, which is similar to Lemma 2. 

Lemma 21 Let Sc be consistent. Then Sc is strongly consistent iff there exists 
a function g : 5 ^ N such that 

=Pir,u), if a{r,u) = P{r,u), 

g[u) 

< —Ft otherwise, 

5(m) 

holds for every link (r , u) . 

To prove this, we constructed Armstrong databases (Armstrong sequences, re- 
spectively) for Sc where the population r® has size Ag(r) for every type r in S_. 
Here A denotes any sufficiently large integer. 

Let Sk be a closed set of key dependencies, and assume Condition (10) holds. 
In the sequel, let r be a relationship type in S_. 

Lemma 22 There is an Armstrong population rf of z for Sk (with respect to 
K. ), satisfying all constraints in Sc defined on r. 



( 11 ) 

(12) 
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Proof. For every component type u of r, put 

u) if C({Lj m) ^ 2 , 

1 if l3{r,u) < 1, 

2 otherwise. 

Put TO = (7 + 2) n« 6 r s(m), where 7 denotes the number of antikeys of r (given 
by Sk). Here, to will be the size of the population r*, and every component 
type u of r will have exactly m/s{u) instances. Moreover, each instance of type 
u will participate in exactly s{u) relationships. Since a{r,u) < s{u) < /3(r, u), 
this ensures that the claimed cardinality constraints in Sc hold. 

Put r* = {ri, ... ,rm}. On the vertex set rf, we shall construct representation 
graphs 0*(r, m). In the beginning, let all vertices in r* be unmarked. For every 
antikey X C r, choose two unmarked vertices ri^x and mark them. Next, 
connect ri^x and r 2 ,x by an edge in every graph 0 *(r, u) with uGX. 

Fix a component type u. For every edge in 0*(r, m), choose s{u) — 2 unmarked 
vertices from rf and mark them. In addition, let the complete graph on these 
s(u) vertices be a component of the graph 0‘(r, u). In the same way, we proceed 
for all component types u. 

Let Sj denote the union of the graphs 0*(r, u) constructed so far. Again, we fix 
a component type u. Note, that at the moment, 0*(r, m) consists of a certain 
number of components of size s{u) together with a set I(v,) of isolated vertices. 
Consider the subgraph Sj' of Sj induced by / (u) . Here every vertex has valency at 
most — 1). Due to our choice of to, we have ~ 1) < rri/s{u) 

and thus maximum valency less than m/s{u). Applying the Theorem of Hajnal 
and Szemeredi (Theorem 14) to Sj', its vertex set I{u) may be decomposed into 
subsets of size s(u), such that the vertices within a subset are pairwise non- 
adjacent. We add the complete graph on each of these subsets as a component 
to 0*(r, m). The resulting graph 0*(r, m) will be the representation graph of u- 
We apply the same procedure to each of the component types u of r. 

It remains to show that the constructed population r* has the desired properties. 
Let cmin{r,u) = a and cmax{r,u) = b he cardinality constraints in Eq. The 
representation graph 0 * (r , u) consists of a collection of vertex-disjoint complete 
graphs on s(m) vertices each (the components of 0*(r,u)). Each component 
corresponds to an instance of type u participating in exactly s(m) relationships. 
Since a < a{r,u) < s(u) < (3{r,u) < b, the claimed constraints hold. This proves 
rf to satisfy Eq. 

Let r : Y — > r be a key dependency in Ex- Assume, the intersection graph 
0*(r, Y) contains an edge. Due to our construction, there must be an antikey X 
with Y C X. This forces Y to be a non-key which gives a contradiction. Hence, 
0*(L) X) is edgeless and the key dependency holds. This proves r* to satisfy Ex- 

Finally, let r : E — > r be a key dependency not in Ex- Since E is a non-key, 
there exists an antikey X with Y C X . The intersection graph 0*(r, A) contains 
an edge connecting n^x and r 2 ,x- Since 0*(r, X) is a subgraph of 0‘(r, Y), this 
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edge is also in the later one. Thus the key dependency r : Y ^ r is violated. 
Therefore, r* is an Armstrong population for Sk with respect to /C. □ 

For further reference, put gr{r) = ^ and gr{u) = m/s{u) for every compo- 
nent type of r. These values denote the number of instances of r and u in the 
population just constructed. 

Let g : ig ^ N be a function satisfying (11,12), let g be a sufficiently large prime 
power, and let A and g, be sufficiently large integers such that 

g >gr{r) - a{r,u)gr{u), 
g >(3{r,u)gr{u) — grif), if is finite, 

hold for every link (r, m) in the schema S_. 

Again, let r be a fixed relationship type of S_. It must be emphasized, that the 
population r* constructed above usually satisfies cardinality constraints not in 
Sc- However, it can be applied to obtain the following stronger result. Suppose 
that Sc contains a non-trivial max-cardinality constraint for every link {r,u). 

Lemma 23 There is an Armstrong population of r for Sk (with respect to 
1C), which is also an Armstrong population for Sc (with respect to C ). 

Proof. To begin with, put hr{r) = gg{r) — gr{r) and hr{u) = gg{u) — gr(u) 
for every u G r. Let us check, that hr satisfies (11,12). If a{r,u) = P{r,u), we 
have g{r)/g{u) = f3{r,u) and griz) / gr{u) = s{u) = P{r,u). This implies (11). If 
ct{r,u) < (3{r,u), we have 



1 < 9{l) - a{r,u)g{u) 

gr{r) - a{r,u)gr{r,u) < g< g{g{r) - a{r,u)g{u)) 
a{r,u)gg{u) - a{r,u)gr{u) < gg{r) - gr{r), 

which implies the left side of (12). The right side holds analogously. 

By Lemma 21, there is an Armstrong population r® for Sc (with respect to C) 
such that r® is of size Xhr{r) and every component type u has Xhr{u) instances. 
Again, A denotes a sufficiently large integer. Applying the construction presented 
in the proof of Theorem 8, we obtain an Armstrong population r®* for Sc (with 
respect to C) such that any two relationships have at most one entry in common, 
r®* is of size qXhr{r) and every component type u has qXhr{u) instances. 

Next, we take qX copies of the population rf obtained in Lemma 23, and join them 
with the population r®* just constructed. Let rf denote the resultant population. 
Due to our construction, rf satisfies every constraint in Sk U Sc- Since rf* is a 
subpopulation, no cardinality constraint not in Sc holds in rf . Moreover, since 
rf from Lemma 23 is a subpopulation, rf satisfies no key dependency not in Sk- 
This proves the claim. □ 
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The population obtained above is of size /i(r) = = q\gr{z) + q^hr{f) . 

Analogously, every component type m of r has ft-(u) = qXg,g{u) instances. 

Now, we are ready to prove Theorem 13. 

Proof (of Theorem 13). Condition (10) is an easy consequence of Lemma 7. This 
shows the necessity. We shall proceed with the sufficiency. 

Assume, Sq contains a non-trivial max-cardinality constraint for every relation- 
ship type in S_. To prove Sc U Sk to be closed in C U /C, we shall construct 
a database Sf satisfying all constraints in Sq U Sk, but no constraint not in 
Sc U Sk ■ 

The idea is to comprise the populations constructed above. For every entity 
type e in the database schema S_, we take h{e) = qXg.g{e) instances. Afterwards, 
we add the populations rf hierarchically to the database. Finally, we obtain a 
database 5^. As shown above, satisfies all constraints in Sc U Sk, but no 
other constraint from C U /C. Hence, Sc U Sk is closed in the class of cardinality 
constraints and key dependencies. Moreover, Sf is an Armstrong database for 
Sc U Sk (with respect to C U /C). 

If Sc does not contain a non-trivial max-cardinality constraint for every rela- 
tionship type in S_, we may conclude in a similar way. However, this time, we 
do not obtain an Armstrong database, but an Armstrong sequence of sample 
databases. □ 
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Abstract. Two versions of a set theoretic A-language are considered 
as theoretical prototypes for “nested” data base query language where 
data base states and queries are represented, respectively, as hereditarily- 
finite (HF) sets and set theoretic operations. It is shown that these ver- 
sions correspond exactly to (N/D)LOGSPACE computability over HF, 
respectively. Such languages over sets, capturing also PTIME, were in- 
troduced in previous works, however, descriptions of LOGSPACE over 
HF [A. Lisitsa and V. Sazonov, TCS (175) 1 (1997) pp. 183-222] were not 
completely satisfactory. Here we overcome the drawbacks of the previ- 
ous approaches due to some new partial result on definability of a linear 
ordering over hnite extensional acyclic graphs and present a unihed and 
simplified approach. 



1 Introduction 

Now it is widely adopted the natural way of characterizing expressive power of 
(theoretical versions) of data base query languages in terms of a kind of logic 
over finite structures or in terms of computational complexity. Vice versa, given 
a complexity class such as PTIME or LOGSPACE, we could ask whether there 
exists a natural query language corresponding to this class. This way database 
theory is related with descriptive complexity theory and finite models theory 
(cf., for example, [1]). 

Following this general approach we consider in this paper two versions of a 
set theoretic Z\-language as theoretical prototypes for “nested” data base query 
language where data base states and queries are interpreted, respectively, as 
hereditarily- finite (HE ) sets and set theoretic operations. It is shown that these 
versions correspond exactly to (N/D)LOGSPACE computability over HF, re- 
spectively. 

Such languages over sets, capturing also PTIME, were introduced in pre- 
vious works [30,32,33,34,35,24,25,26], however the case of LOGSPACE already 
considered in [24] was not completely satisfactory developed there. Two ap- 
proaches to defining and capturing LOGSPACE computability over HF were 
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presented. In one of them there were problems with the closure under compo- 
sitions of queries, whereas LOGSPACE was described precisely. In another one 
the problems with composition of queries were resolved by some complication of 
the notion of LOGSPACE computability over HE (anyway, there is no unique, 
canonical or most preferable definition for the case of HE) with the syntax of the 
corresponding query language rather unnatural, however formally effective (com- 
putable). The latter involves an infinite family of constants for some technically 
defined set theoretic operations. 

It makes no sense to describe in this paper these two approaches, especial- 
ly the second one which is somewhat overcomplicated — a price payed for the 
achieved advantage mentioned above. However, here we overcome their draw- 
backs by presenting a unified and simplified approach. Actually, all of them prove 
to be equivalent due to some new partial result (Proposition 4.1) on definability 
of a linear ordering over finite extensional acyclic graphs. (Gf. also Note 2.1 and 
Footnote 8.) 

To deal with computability over HF-sets we assume in this paper that (a) 
HF-sets, (b) membership relation between sets and (c) computable set operations 
are naturally represented, respectively, by (a') vertices of acyclic graphs, (b') the 
graph edges and (c') corresponding graph transformers. 

Gf. op. cit., specifically [33,24,25,26], for a more extensive general introduc- 
tion to the subject. 

After preliminaries and technical introduction in Sect. 2 we introduce Z\- 
languages of set theoretic operations in Sect. 3. Main result on capturing 
NLOGSPAGE and DLOGSPAGE over HE is presented and proved in Sect. 4. 



2 Preliminaries and Technical Introduction 

2.1 Hereditarily-Finite Sets 

The universe HE of “pure” hereditarily-finite sets is defined inductively as the 
least class of sets such that 

• if xi,...,Xn G HE, n > 0, then {xi, . . . ,Xn} G HE (with the order and 
duplication of Xi considered as irrelevant). 

In particular, we have the empty set 0 G HE (the case of n = 0) and also {0}, 
{{0}}, {0, {0}}, etc. G HE. Actually, for real data base applications we have to 
consider, as in [33,26], a more general universe HF(A,fY) with urelements (or 
atoms, elementary data) U and database attributes A (or labels): 

• UQ AF{AM) and 

• if x\T..,Xn G HF(A,f^) and Ai,...,A„ G A, n > 0, then 

{Ai : x\,...,An : x„} G HF(A,fY) where Ai : Xi are elements Xi labeled 
by the attributes Ai G A. 
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We may take A = IA = & set of finite strings in an alphabet, or we may include in 
A — U also integers and other datatypes. Also, we could take ZY = 0 in favor of 
A, essentially without any loss of generality. As an example of a data represented 
as such a set consider 

{ STUDENT: I. Ivanov, BIRTH_YEAR: 1981 , DEPT:CS, 

STUDIES : Logic , STUDIES :Data_Base_Theory } . 

Here CS (Computer Science Department) may be also a complicated data (set) 
of analogous form, etc. with any deep nesting if necessary: 



CS = { ADMIN: . . . , LECTURERS: . . . , STUDENTS: . . . } . 



(In principle, it even may eventually refer again to the first displayed set corre- 
sponding to a concrete student I . Ivanov. However, this paper mostly does not 
account such possibilities for cycling. Cf. also Footnote 2 below.) This way nest- 
ed or complex data [3,8,9,10,11,14,19,22] (or, more general, cycling, semistruc- 
tured, Web-like data [2,4,21,22,28], cf. especially [7,26]) may be represented as 
hereditarily-finite (possibly cycling, called also antifounded or hyper-) sets with 
attributes and urelements. Note, that any ordinary relational database may be 
presented as a hereditarily-finite set of the nesting depth = 3 (DB = a set of rela- 
tions each of which is a set of tuples i.e. of the “plain” sets {Ai : x\, . . . , A„ : Xn} 
with different attributes Ai and with Xi urelements) . 

For simplicity, only the case of pure HF-sets (without attributes and urele- 
ments, i.e. essentially the case oi A = U = 0) will be considered below. Note, 
that some natural linear ordering <hf of HF will play an essential role. Even- 
tually, it is needed to imitate Turing machine tape and to order computation 
steps. To adapt (as in [33]) the considerations of this paper to the general case 
of HF(A,A/) some linear orderings and <u should be additionally assumed 
which may be then extended to a linear order on the whole universe HF(A,Af). 

Here is a natural place to jump temporary to Sect. 3 for getting an idea of a 
query A-language over HF. 



2.2 Computability over HF 

PTIME and, respectively, (N/D)LOGSPACE denote computability by a Turing 
machine in the time polynomial in the length of the input and, respectively, 
by a (nondeterministic/deterministic) Turing machine using the working tape 
of the length logarithmic in the length of the input. The typical inputs and 
outputs for a Turing machine are finite strings in a finite alphabet or, slightly 
more general (by using an appropriate evident encoding), finite graphs, etc. It 
is well-known that DLOGSPACE C NLOGSPAGE C PTIME, and it is an open 
question whether C are, in fact, proper inclusions [13]. 
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There is a problem of some ambiguity of the notion of NLOGSPACE com- 
putability of functions in contrast to predicates: different nondeterministically 
chosen ways of computation may give different results. There is a reasonable 
direct approach to define what is NLOGSPACE computable function. Howev- 
er, we will actually work in terms of an equivalent notion of FO®-definability 
described below in Sect. 2.4 where this problem naturally disappears. 

The key notion for this paper is the following definition of (say, PTIME or 
LOGSPACE) computahility of operations q : HE™ — > HE over HF-sets, instead 
of finite strings. Here q{s) = a means informally, for any s, a C HE, that s is 
a data base state and a is an answer to the query q about the state s. Say, s 
may be a nested relational data base state with a some other nested relation 
retrieved or (re)constructed from s by q. 

Let V : Codes — > HE be any surjective encoding of HF-sets. We say that q is 
(PTIME, etc.) computable with respect to v if the following diagram commutes 
for some (PTIME-, etc.-) computable transformation Q between codes: 

HE™ HE 

V q{v{c)) = v{Q{c)) (1) 

Codes™ Codes 

for all c G Codes. Using of Codes is essential here because Turing machine or 
any real computer does not “uderstand” immediately abstract HE-sets. 

Computers deal with Codes. Peoples deal with abstract “high level” en- 
tities, say, with HE-sets. 

Eor the case of PTIME or (N/D)LOGSPACE we must denote corresponding 
classes of set-theoretic operations like VTXMEu, NCOQSVACE,, or 
VCOQSVAC£„ to emphasize that the corresponding notion of computability 
over HE depends on an encoding u. Note, that for the case of graph encoding 
7 considered in Sect. 2.3 NCOQSVACE-^ or VLOQSVACE^, unlike VXTM.£^, 
are very sensitive to small variations of this 7 . At least, only for some specific 
versions of 7 we can obtain reasonable results for LOGSPACE computability 
over HE. 

In general, let C denote some notion of computability over Codes, for example 
corresponding to some complexity class. More precisely, C is a recursive set of 
programs in a reasonable (probably resource restricted) programming language, 
such as the language of Turing machines. We associate with C the corresponding 
class of computable transformers Codes™ ^ Codes, m = 1,2, — Define C,, as 
the class of C-computable operations (and predicates) over HE with respect to v. 

Strictly speaking, C is a class of programs rather than a class of correspond- 
ing computable transformers of Codes. In particular, this means that given a 
program p G C and any its input x, the result of applying p to x considered as 
a universal function U{p,x) = p{x) is computable in both arguments p and x. 
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Note, that for any given program Q : Codes™ ^ Codes (from a fixed class C) 
it may be problematic to decide whether there exists (actually, unique, if any) 
q making the above diagram commutative. I.e. Q may be “non-coherent” with 
ly. We say that the class Cj, of computable operations q over HF has an effective 
syntax if (at least) there exists a recursive (not necessary C-computable) family 
of programs Qn- G tt = 0, 1 , . . ., with all corresponding G Ci, existing and 
exhausting the class Ci,. (Here the programs need not exhaust C.) 

Alternatively and more “realistically”, we may let tt to range over formal 
expressions of a language L, instead of natural numbers. (We assume that L 
itself is a recursive set of expressions.) In this case and Qt^ may be consid- 
ered, respectively, as denotational and operational semantics of any expression 
(program) tt in this language. In contrast to C, each L-program tt will have a 
corresponding q. In this paper we shall take in the role of L appropriate versions 
A' of a natural set-theoretic language A (cf. Sect. 3) with a clear denotational 
semantics and with tractable operational semantics, say, in terms of LOGSPACE 
computability. 

Thus, our goal is to find a reasonable encodings v\ and V 2 and a set- 
theoretic languages Ai and A 2 with reasonable denotational and opera- 
tional semantics which correspond exactly to M COQSV ACS and, re- 
spectively, VCOQSVACSu^ . 

As we argued above, we cannot avoid choosing some encodings Vi here. Moreover, 
in principle there may be different choices for the corresponding pairs {vi, Ai). 

Note 2.1. In previous paper [24] some versions of encodings v and of languages 
A' corresponding to LOGSPACE w.r.t. v were found. However, as we noted in 
the Introduction, in one approach considered in [24] the class of LOGSPACE 
computable set-theoretic operations was not proved to be closed under composi- 
tions, and in another approach the syntax of considered version of A' was, how- 
ever effective (in the above defined sense), not sufficiently explicitly or naturally 
presented. In the present paper we will demonstrate even technically simpler 
approach lacking those drawbacks and actually equivalent to both mentioned 
approaches (cf. formulas (10) and (12) in [24]) which were considered at the 
time of writing of [24] as presumably essentially different. 

2.3 Graph Encoding of HF 

An important example of Codes for HF is the class of all finite acyclic pointed 
(rooted) graphs"^ (AG), i.e. graphs G with no cycles and with a distinguished point 
(vertex) p in each. (We could also consider an m-tuple of points distinguished.) 
Then any computability notion C will determine a class of computable graph 
transformers AQ — > AQ. Let 7 : AQ HF (or even j : G ^ HF for any 
class G of graphs; cf. a generalization below) be Mostowski’s general collapsing 

^ Another interesting and essentially different version of Codes is the class of finite 
trees. 
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operation (an encoding of HF-sets by graphs) which assigns a set 7(G,p) G HF 
to each AG {G,p) in such a way that 

'){G,p) = {'^{G,p') : p p' for some child p' of p in G} . 

In particular, if p has no children in G then ^(G,p) = 0 . E.g. for G consisting just 
of three edges ps ^ P2 ^ Pi and ps ^ pi we have 7(G,pi) = 0 , 7(G,p2) = { 0 } 
and 7(G,P3) = { 0 , { 0 }}. Note, that for the case of general universe HF(Al) with 
attributes we should consider graphs with Al-labeled edges. 

We shall also write p Gq Q instead of q — P and define formally any graph 
G as a first-order structure (|G|,Gg) with |G| its set of vertices and with the 
binary relation Gg for its edges. Sometimes we will apply 7 to graphs with several 
kinds of edges (of various “colors”), i.e. with additional binary relations (such 
as a linear order ^g on |G|), where Gg is just the main graph relation. Even 
more general, we may consider that j{G,p) is defined also for any graph, not 
necessary acyclic. Just apply 7 to the initial acyclic (or well-founded) part of G, 
denoted as WF(G). Here WF(G) ^ (W,Gg \w) with W C |G| the least set of 
vertices such that if for any fixed vertex y G \G\ all its children y —^g x are in 
W then we must have also y G W. ^ 

Let G be any class of finite pointed graphs, quite arbitrary or a special one 
such as SG, AG, SAG*, SAG*.,: O'' SAG).:, defined below. Then the restriction 
of 7 to defines corresponding encoding of HF-sets with Codes = G which will 
be called a graph encoding defined by G- So, we may specify explicitly only G, 
corresponding restricted 7 being implicitly assumed. 

Define extensional finite graphs (SG) as those for which the ordinary set- 
theoretic extensionality axiom holds: 

G 1 = Vu G x{v G p) & Vu G y{v G x) ^ x = y , 

or, equivalently, different vertices in G must have different sets of children. 

We will use abbreviations like SAG*^, SG* , etc. with superscript * and/or 
subscript ^ to designate that the graphs considered involve additional relations 
for the transitive closure G*g of the main graph relation Gg and, respectively, for 
any linear order ^g on the vertices of a graph G. Let also subscript < denote the 
canonical linear order <g on vertices of any SAG G which is inherited from the 
linear order <hf defined below in ( 2 ) via collapsing 7 : |G| — > HF. Note, that for 
different vertices P\,P2 in SAG G we should evidently have ^(G,p\) yf y(G,p2)- 
Actually, any finite G G SAG is isomorphic to initial part i.e. to a finite transitive 
part of HF. 

^ There exists more radical approach based on arbitrary graphs allowing cycles or infi- 
nite chains which leads to so called hypersets satisfying anti-foundation axiom. Cf. [5] 
for general hyperset theory and [34,35,25,26] for corresponding versions of bounded 
hyperset theory and its A-language. In particular this approach allows considering 
“cycling” sets like ft — {!?} Such (hereditarily- finite) hypersets may be used to rep- 
resent so called Web-like Data Bases (WDB) i.e. databases organized analogously to 
World-Wide Web with arbitrary hyper- links; cf. [26]. It is also interesting to extend 
the results of the present paper for LOGSPACE from well-founded sets to hypersets. 




162 Alexander Leontjev and Vladimir Sazonov 



It can be shown that = and G over HF are PTIME computable w.r.t. en- 
coding 7 : ^ HF. I.e. ‘7(Gi,pi) = 7(G2,P2)’ and ‘7(Gi,pi) G 7(G2,P2)’ 

are decidable in PTIME for arbitrary (Gi,pi), (G2,P2) G AQ. However, it is 
hardly the case for (N/D)LOGSPACE (due to PTIME completeness of the cor- 
responding problem for =; cf. [ 9 ]). “Restricting” 7 to the class £AQ< (which is, 
strictly speaking, not a part of AG) and considering its corresponding version 
7 : SAG< — *■ HF makes this problem easier — computable in NLOGSPACE. 
It becomes even DLOGSPAGE computable in the case of SAQ*^, i.e. when the 
transitive closure Gg of the main graph relation is also immediately available. 
(Gf. Proposition 4.1 below.) The additional relations <c and Gq in G help very 
much by giving more information on the input, the information which otherwise 
should be recovered by the cost of some computational resources. Thus, we just 
change a little the initial notion of Godes = AG, but this change is crucial. 

It is evidently inevitable considering something like the above enriched classes 
of graphs SAG< or £AG*^ unless (N/D)LOGSPAGE = PTIME or <g and Gg 
are formally definable by suitable means (say, in the language FO considered 
in Sect. 2 . 4 ; we have only partial, however important, result of Proposition 4 . 1 ). 

Actually, this paper is devoted to machine independent description of two 
classes of computable set theoretic operations: N LOG SV ACE ^ and 
VLOGSVACE gj^g for graph encoding 7 restricted to corresponding 
classes of graphs £AG< and £AG*^- 

Agreement. It makes a sense to consider any such graph G in the form of a finite 
relational structure 

G = (|G|; =G, Gg, Gq, <g, Vg) 

with Gq and <g probably omitted depending on the considered class of graphs 
such as £G, AG, £AG< - Here =g is one more predicate on the finite set |G| which 
is required to be an equivalence relation. Strictly speaking, in this case we should 
consider as vertices of this graph just corresponding equivalence classes. We 
postulate that there is an edge [u] — > [m] between any two such classes/ vertices 
[u] and [u] iiu Gg v (i.e. v ^g u) holds for some representatives of these classes, 
and analogously for Gq and <g- We assume that Vg is an unary predicate on |G| 
representing just one of these classes and corresponding to a distinguished vertex 
of the graph. Then the notions of extensionality, acyclicity or the like of graphs 
represented in this form are defined in terms of the corresponding quotient. In 
particular, it is required that Gq and <g behave as intended (i.e. as transitive 
closure and canonical ordering) on the quotient. Relations of any given structure 
G of the above form, except =g, may be evidently improved with preserving 
quotient of G (up to isomorphism) so that =g becomes congruence relation w.r.t. 
other relations^. In this case we should consider an isomorphism between G\ and 
G2 rather as a relation ^ C |Gi| x IG2I which preserves all relations on these 
graphs, including =Gi and =g-2, the distinguished elements (classes) Vgi 
and Vg2 • We may call such an isomorphism as generalized one, or isomorphism 



® i.e. such equivalence relation = that G\=x = x'&zy = y'k:xGy^x' Gy', etc. 
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up to the congruence relations =Gh in comparison with the ordinary (bijective) 
isomorphisms. Evidently, for (c-) isomorphic graphs (Gi,pi) and (G 2 ,P 2 ) we 
have 7 (Gi,pi) = 7(G2,P2)- 

2.4 Definability of Graph Transformers by Logical Means 

To define a graph transformer Q : G = (Gi, . . . , G„) i — > G (determined up to 
a graph isomorphism) we may use, say, some extension FO^ of the first-order 
language 

FO(Cl , =ni <1 j ■ ■ ■ ; j Gl j ■ ■ ■ ) Cni ^1 ) ■ • ■ ) ^n) 

over a tuple of graphs (Gi, . . . , G„) considered as many-sorted structure (with 
Gi) =i) <i) Gi and Vi interpreted, respectively, as =Oi, <Gi, ^Gt)- 

In this case it is reasonable to consider that |G| C |G| ^ |Gi|^^ x • • • x |G„|^", 
Gg C |G| X |G|, =G C |G| X |G|, etc., for some fci,...,fc„ > 1, and define 
|G|, GG) =G) etc. by FO'-formulas |G|({;), u Gg v, u =g v of k = ki + . . . + 
kn and 2k free variables, respectively. Actually, we may take =g to be partial 
equivalence relation (i.e. any transitive and symmetric relation) on G and define 
|G|({;)^{; =G V- This approach to formal definability of graph transformers 
relies on the well known concept of first-order interpretations between theories 
or structures (cf. [17,36]). 

Thus, we will use the extension FO^ = FO® of the language FO by new 
predicate forming construct [\xy.Lp{x,y,zyf‘ for any definable (in FO®) rela- 
tion \xy.ip{x, y, z) of two lists of variables x and y of the same length. Other 
free variables z of (p are considered as parameters. We call this construct the 
“horizontal” transitive closure and define its meaning in any G by 

[Xxy.ip{x,y)]'^{u,v) {or (p'^{u,v)) iff ip{u,ui),p{ui,U 2 ), ■ ■ ■ ,(fi{u„,v) hold 

for some n > 0 and ui, . . . G |G|). It may arbitrarily participate in any other 
FO®-formula as a predicate. 

Note, that to be £AQ is evidently FO®-definable property of graphs. Cf. also 
Note 4.1 in Sect. 4 for the case of £AQ^^\ 

We may consider also deterministic version of transitive closure ® which 
works as ® for any formula p{x^ y) when it defines a “deterministic” (partial) 
mapping x i — > y. Otherwise, applying gives, say, the false predicate (or, alter- 
natively, preliminary corrects p to make it “deterministic”). 

FO® and FO are essentially identical to the languages FO -I- TC and FO -I- 
DTC, respectively, considered in [17,18]. (Actually, in [17,18] TC and DTC co- 
incide with the reflexive versions of this ®- and -constructs.) However, the 
denotation TC (and *) will be occupied in our paper for the “vertical” transitive 
closure in the universe of sets HF : 

u G TC(r;) G* [Xxy.x G J/]®(m, v) . 

I.e. we use TC and * just in connection with the relation G. Actually, let Gq 
coincide with G^. 
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2.5 Recalling Some Results from Descriptive Complexity Theory 
over Finite Models 

It is proved in [17] that the notion of definability in FO^ + positive ® in finite 
structures linear ordered by A is equivalent to NLOGSPACE computability. 
Moreover, FO^ + positive ® has the same expressive power in these structures 
as the full FO^ + ®, i.e. as FO® [18]. This result is equivalent to the statement 
CoNLOGSPACE = NLOGSPAGE (cf. also [37]) which have been widely believed 
previously as false. The same holds for FO^ and DLOGSPAGE, but easier. (In 
particular, we have FO C DLOGSPAGE.) Therefore, we may freely interchange 
the notions FO®^ and (N/D)LOGSPAGE where A denotes a linear order. More- 
over, we may consider that the notion of (N/D)LOGSPAGE computable graph 
transformers SAGc £AG< is already defined due to Sect. 2.4. 

We will need also the well-known extension FO -I- LFP of FO by the least 
fixed point construct 



the- least P.[P{x) ^ ip{x,P)] 

with the predicate variable P occurring in ip positively. This construct is based 
on an iterative computation of the least predicate P satisfying the condition 
in the brackets. (Start with Pq ^ 0 and continue by Pn+i ^ Aai.(^(a;, P„(a;)), 
up to stabilization P ^ P„ = Pn+i of this monotonic sequence.) It actually 
subsumes ® and . It was shown in [16,27,38] that definability in FO^ -I- LFP 
over finite (linear ordered!) models exactly corresponds to PTIME computability. 
Gf. also analogous results for PTIME and DLOGSPAGE in terms of recursive 
or, respectively, primitively recursive (global) functions, instead of predicates, in 
finite segments of natural numbers [29,15]. 



3 /1-Languages of Set Theoretic Operations 

Define inductively A* -formulas and A* -terms by the clauses 

(Z\*-terms) ::= (variables) | 0 | {a, 6} | (^ a | {t{x) : & 7’(a;)} 

(Z\*-formulas) ::= a = b \ aG^*'^b \ (p Sz if \ ip V -tp \ ~^ip \ Vx€^*^a(p(x) | 3x€^*^a(p(x) 

where (p and if are any Z\*-formulas, a, b and t are any Z\*-terms and a; is a 
variable not free in a. The brackets around * mean that there are two versions of 
the membership relation: G and its transitive closure G*. Then Aq- formulas are 
defined as those Z\*-formulas involving only atomic terms (i.e. just variables or 
the constant 0). We write A (Aq) when G* is not used at all. The sub-language 
A corresponds to the basic [12] or rudimentary [20] set-theoretic operations. 
Note, that our using the term A is not completely fixed in our different pa- 
pers, but the main idea is that A-formulas involve only bounded quantification 
Va; a and 3a; G^*^ a. That is why, according to traditions of mathematical 
logic and set theory, we use the name A for our language and for various it- 
s versions. All other constructs of A are also in a sense “bounded”. But, for 
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example, the unrestricted power-set operation V{x) ^ {y : y C x} is considered 
as intuitively “unbounded”, “impredicative” . Note, that V{x) is also evidently 
related with exponentiation, and therefore it is computationally intractable. In 
general, let A' denote some reasonable, still “bounded”, extension of the class 
of basic operations. 

We shall use set variables, Z\*-terms and formulas both as syntactic objects 
and as denotations of their values in HF. For example, Z\-separation {x € a : 
y?(a;)} for ip G A gives ‘the set of all x in the set a for which p{x) holds’ and is 
a partial case of the construct {t{x) : x G a k p{x)} = ‘the set of all values of 
t{x) such that . . . ’. Also x G {a,b} iS x = a or x = b, x G[Ja iS 3z G a{x G z) 
and G* is a transitive closure of the membership relation G on HF, i.e. x G* y 
X G X\ G X 2 G ... G Xn G y for some n > 0 and Si,...,x„ in HF. The 
meaning of logical symbols & (‘and’), V (‘or’), (‘not’), V (‘for all’), 3 (‘exists’) 

is well known. Bounded quantifiers Vx G^*^ a and 3x G^*'^ a have the same 
meaning as the ordinary unbounded ones except the variable x ranges only over 
the (transitive closure of the) set (denoted by) a. 

Note that bounded quantifiers may be eliminated from Z\^*)-language: 

3a; atp{x) <G> {x G^*^ a : 'tp{x)} yf 0 , 

Vx a-tp{x) <G> {x G^*^ a : ~'ip{x)} = 0 . 

Any Z\'-term t(x) evidently defines a set-theoretic operation 

Xx.t{x) : HF" ^ HF . 

For example, we may define in A* the transitive closure of a set y as TC(y) ^ 
{a; : a; G* y}. Ordered singletons, pairs, triples, etc. are defined in A as (u) ^ u, 
(u,v) ^ {{u}{u,u}} and (u,v,w) ^ {{u,v),w), etc. It follows that {{y),z) 
= (y)-^)) U = {w, u} and for any set of ordered pairs r the set of all the 
components of these pairs is defined in A as field(r) ^ UU^-^ 

As in [33], we may define in the A-language many other useful operations on 
sets, e.g. the Cartesian product Ax B, Cartesian power and disjoint unions 
A-\- B and of sets A and B and of a A-definable family of sets 

Ai, etc.® 

As usual, any set g of ordered pairs may be considered as a (directed) graph. 
Moreover, for arbitrary set g we may just ignore its elements which are not 
ordered pairs. Any pair (y,p) G HF with g a graph and p its vertex is just a 
pointed graph in the framework of set theory. If p ^ field(y) then it is considered 
as an isolated vertex. 

^ Here the double union IJ U related with the above specific definition of ordered 
pairs. Note, that in the case of HF(A)-sets with attributes the ordered pair {u,v} 
could be defined more naturally from a practical point of view as {Fst : u, Snd : u} 
for some two special labels (attributes) Fst and Snd. 

® It can be shown [31,32,35] that A defines exactly all provably-recursive set-theoretic 
operations in Kripke-Platek set theory [6] without foundation axiom. In this sense 
this language is sufficiently complete from the point of view of its expressive power. 
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We will use extensively the fact that any Z\(*)-formula ip is equivalent to a 
Z\q*^ - formula [12]. Cf. also [32,35] for corresponding proof-theoretic considera- 
tions and formal reductions , as in lambda calculus, with Z\q ^formulas being 
normal forms for Z\(*^-formulas. For example, the formula (u,v) = w is equiva- 
lent (and may serve as an abbreviation) to Z\o-formula 

3s, p G w{\/x G w{x = s\/ X = p) h u G s h u,v G p h 

\/x G s{x = u) Sz\/x G p{x = uV X = v)) . 

Then (u,v) G z is equivalent to G z{{u,v) = w) and therefore also reducible 
to Z\o- Analogously may be expressed w = [Jm, etc.® 

Note 3.1. Such abbreviations for {u,v) = w, w = \Ju, u = %, u = {0}, etc. may 
be also used in the framework of the language FO(g,=) (instead of Z\q) when 
working in a graph G (instead of HF). 

However, there are notions which are hardly definable in A* such as the 
canonical or lexicographical linear ordering <hf on HF described by the 

Axiom for <hf: 

X < y G y\ x{{v G x : u < v} = {v G y \ u < u}) . (2) 

Note, that (2) defines <hf uniquely, but only implicitly. This ordering evidently 
coincides with that induced by the Ackerman’s bijection Ack : N HF, N = 
{0, 1,2,.. .}, the most popular encoding of the universe HF by natural numbers: 

Ack(2”i -k 2"= -k . . . -k 2"0 = {Ack(ni),Ack(n 2 ),...,Ack(nj)} 

for any j > 0 and rii > ri 2 > . . . > > 0. In particular, Ack(O) = 0. Note, 

that very simple singleton operation x i — > {a;} corresponds to the arithmetical 
exponential k i — > 2^ with respect to Ack, which is surely intractable. It follows 
that, however corresponding linear ordering <hf seems a good candidate to 
extend Z\-language, we must consider, instead of Ack, other encodings for the 
universe HF like the graph encoding (collapsing) 7 described in the Sect. 2.3. 
We may extend A also by a set-theoretic collapsing operation 

C : HF ^ HF 

which is a restriction of the general collapsing 7 to the case of (pointed) £AGs 
considered as elements of the universe HF. So, C{{g,p)) is the set in HF corre- 
sponding to the point p of g under 7 . If g is not an extensional or an acyclic 
graph then let C{{g,p)) = 0. 

® Note, that A^-formulas are just first-order formulas with bounded quantifiers in the 
language G, G*. By this reason and by the above considerations A* , involving rather 
complex set-theoretic operations, may be also considered as an analogue of first-order 
logic language. There is also corresponding proof-theoretic conservativeness result 
[32,35], relative to Ao-formulas, for Kripke-Platek set theory without foundation 
axiom (corresponding to A) over set theory consisting only of Extensionality Axiom 
(which is “almost” first-order logic). 
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Collapsing operation plays a fundamental role. It reflects in the framework of 
set theory our informal “understanding” of sets of sets, etc. in terms of graphs. 
From the database point of view (g,p) is a data representing a “plan” of con- 
structing another data, i.e. a set corresponding to the vertex p. Collapsing is just 
a legal possibility to realize such plans which a reasonable query language should 
give. 

This is related with two levels of representing data in a database: (i) 
(comparatively) low level, here via graphs (in general case — with labeled 
edges), and (ii) high, abstract level — via HF-sets. Philosophically, this 
is probably the main point of the set-theoretic approach to (what is called 
now semistructured or Web-like) databases. 

We will need two other versions of C: 

• C (((/, <g, G*,p)) ^ C(((/,p)) if <g is the canonical linear order on the ver- 
tices of £AQ g and G* is the transitive closure of Gg = {{u,v) : {u,v) G g}, 
and C {{g, <g, &g,p)) ^ 0, otherwise. I.e. C , unlike C, is properly deflned 
only on SAQ*^ C HF, i.e. on the canonically ordered £AG*s. 

• C®(((/, <g,p)) ^ C{{g,p)) if <g is the canonical linear order on the vertices 
of £AG g, and ^ 0, otherwise. I.e. C®, unlike C and C , is properly deflned 
only on £AG< C HF, i.e. on the canonically ordered £AGs. 

The reason of using the superscripts ® and in C will be clear later in Theo- 
rem 4.1. (Note that C® was called C in [24].) 

Another particularly important construct is recursive A' -separation Rec: 

the-least p.[p = {x G a : (p(x,p)}] . 

It must be considered as a term which denotes the least solution p C o of the 
equation in the square brackets (for (p G A' satisfying a reasonable “positivity” 
condition for the variable p) . 

We will also consider an extension of Z\*-language by a new kind of terms r® 
(instead of formulas, as for the case of FO in Sect. 2.4) to denote the “horizontal” 
transitive closure of any relation (set of pairs) r. (Do not mix denotations r® and 
r with C® and C deflned above and having completely different meaning.) It 
will be called Z\®, with corresponding A'^ -terms and A'^ -formulas. Evidently, ® 
is definable by Rec.^ Deterministic version of ® is formally deflned as 

r ^ Det(r)® where Det(r) ^ {{x,y) G r : 3\z{{x, z) G r)} . 

Analogously, we use denotations Z\< or A® if the predicate for <hf is included 
in the language. 

The following characterization of the language A* -\- Rec -|- C have been 
obtained in [30,32,33]. 

^ Strictly speaking, we must write A*® instead of A® because ® does not cover the 
full strength of *. However, for simplicity, we will use A® for A*®. Thus, TC is not 
definable even in A -I- Rec because TC ^ PTJA4£.y for some specific version 7' of 
7 (cf. [33,35]) such that, moreover, VTJA4£.y coincides with the class of operations 
over HF which are definable in an appropriate extension of A -b Rec. 
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Theorem 3 . 1 . The class of operations over HF definable in the language A* + 
Rec + C coincides with the class VTTMS^ of operations computable in polyno- 
mial time under graph representation 7 of HF-seis or, equivalently, computable 
by graph transformers definable in FO + LFP. □ 

It is essentially used in the proof of this theorem that <hf is definable in 
A* + Rec [ 33 ] . In particular, in the formulation we need not mention any linear 
ordering in defining graph transformers in FO + LFP. Also, AGs or EAGs may 
be equally used as Codes here, as well as C may be replaced by C® or C . 

4 Main Result on Capturing LOGSPACE over HF 

The following proposition is essential for proving the main result on capturing 
LOGSPACE over HF (cf. Cases 2 and 8 in the proof). Let Gi and G2 G EAG*^ be 
arbitrary two graphs (each supplemented with canonical linear order <i ^ <(3. 
and transitive closure G* of Gi GCi, * = 1 , 2 ). For any two vertices x G |Gi| 
and y G IG2I of these graphs let 

X ~i,2 y ^ l{Gi,x) = 7(G2, y) , 

X Cl, 2 y ^ i{Gi,x) c 7(^2, y) , 

X <1,2 y "f{Gi,x) <hf 7(^2, y) • 

Proposition 4 . 1 . The relations x ~i,2 y, x Ci,2 y and x <1,2 y between vertices 
of any two graphs G\ and G2 in EAG*^ (respectively, in EAG<) are uniformly 
definable &y FO -formulas (respectively, by FO'^ -formulas). 

Proof. Define FO -formulas (omitting subscripts in ~i,2, Ci,2 and <1,2): 

next^ (u, u') ^ u €* X Sz u' €* X Sz u < u' Sz -< 3 w G* x(u < w < u') , 
Nexta;,y(u, V] u' , v') next[],(u, u') & next^(u, v') , 

Ix,y{u,v)^Aey±„,yfib,%]u,v) , 

X ^ y G* x 3 v G* ylx,y{u, v) & Vu G* y 3 u G* xlx,y{u, v) & 
yu,u' G* xWvjv' G* y[Ix,y(u,v) & Ix,y{u' ,v') 

{u Gi m' u G2 v') & (u Gi a: u G2 y)j , 

xCyF^XT^y&VuGi x 3 v G2 y{u ~ v) , 

E{u, v;x,y) Gi X Sz V €2 y &z u V Sz 

(Vu' Gi x\u' >1 u){ 3 v' G2 y|F >2 v){u' ~ F) & 

(VF G2 y|F >2 u)( 3 F Gi a;|F >1 u){u' ~ F) . 

Note that the formula Ix,y{u,v) relates vertices u G |Gi| and v G IG2I lying in 
the transitive closures of a: G |Gi| and y G IG2I, respectively, according to their 
positions in restricted linear orders <1 and <2. It follows from the recursive 
definition ( 2 ) of < over HF that recursively 

X < y X \Z yV (3m, v){E{u, v;x,y) Sz u < v) . 
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Therefore we can define explicitly in FO 

x<y^x\Zy\/ 3u, v{E (u, v]x,y) h u \Z v) . 



□ 

(It follows that the classes of IC-FO®- ([24]) and FO®-transformers of £AQ<^s 
coincide, what resolves a question 5 from Sect. 13 in [24]. Analogously the classes 
of IC-FO - and FO -transformers of EAGt^s coincide.) 

Remember, that any class of finite pointed graphs G, in particular G = 
£AG<:j defines corresponding graph encoding of HF-sets with Codes = G- Giv- 
en any Z\' and class(es) of TRANSFORMERS of graphs from ^ to 5, we may 
consider the following abbreviation (introduced in [24]) 

, / TRANSFORMERS! \ 

A ~hf G 

\ TRANSFORMERS2 / 



of the statement: 

‘A' -definable operations over HF eoincide with those computable by 
TRANSFORMERS* fori = 1,2’. 

One of the classes of transformers may be omitted in this denotation. If both 
are present then it is asserted that they compute the same class of operations 
over HF, namely those Z\'-definable (even if these classes of TRANSFORMERS 
are different). 

Note 4-1. (Cf. [24].) Fortunately, we can check even in FO correctness of the 
input and output codes, i.e. the membership relations ‘G G £AG*<^’ and ‘G G 
£AG<’- (This will be used in the proof of Theorem 4.1, Case 6). Extensionality 
and all axioms of a strict linear and canonical ordering < are evidently expressible 
by FO-formulas. Then acyclicity of any finite graph G follows from an additional 
axiom x G y ^ x < y which, of course, must hold on £AG<s. This allows to 
use G-induction in proving that < is uniquely defined by these axioms on any 
£AG< - Finally, the relation Gq is completely characterized on all the structures 
satisfying these axioms by the formula xG*y4^xGy\/3z€ y{x G* z) also by 
using G-induction (on y). 

Finally, we are ready to formulate and prove the Main Result of this paper: 

Theorem 4.1 (On Capturing LOGSPACE over HF). 



A®+C® ~hf i^£AG< i^LOGSPACE '^'^^<j ^HFf^COGSPACEg^g^ (3) 
/i< + C ~hf UaG< plog°pace '^"^^<) -HF'DCOGSVACEgj^g^ (4) 
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Moreover, in both cases any definable set-theoretic operation may be equivalently 
represented by a term of the form (fix)) with t{x) involving no collaps- 
ing (“external collapsing normal form”), and definable predicates need not use 
collapsing at allf’ 

Proof, of (3), direct part. For each term t{x) = t{x\, . . . , Xn) in + C® (rep- 
resenting a query q in the commutative diagram (1)) we will define in FO® by 
induction on the construction of t a corresponding graph transformer 

|t] : G = (Gi, . . . , G„) ^ Gqs) : {£Ag<,T ^ £AG< 

{Q — in terms of (1)) with Gi = (|Gi|; =i, Si, <i, Vi). Here Xi is simultane- 
ously a set-theoretic variable of the term t and a first-order variable denoting 
corresponding distinguished vertex of Gi; i.e. Gi ^ a;i € Vi is assumed in the 
corresponding context. We define |f] by a tuple of FO®-formulas 

g^t(x) t{x) bj,u ^t{x) X,U ^t{x) v,v ^ ^t{x)} 

(depending on variables u,v,x) over many-sorted structure G = Gi,...,G„. 
Here we assume that Q \= A =t(x) "5 is a partial equivalence relation on ii, v’ and 
that |Gt( 2 )| = {u:u =^( 2 ) it}. 

Analogously, for each formula <p{x) in Z\® -|- C® we will define by induction 
on the construction of ip a, corresponding FO®-formula |(p] (x) over many-sorted 
structure G = Gi, . . . , G„. 

Case 1. If t{x) is just a variable Xi then let Gt ^ Gp. u =t(x) v ^ u =i v, u &t{x) 
V ^ u Gi V, u <t(x) V ^ u <i v, and v G V)(g) ^v G Vi. 



Case 2 . t{x) is {ti{x),t2{x)}. By induction hypothesis, terms ti{x) and t2{x) 
have corresponding two FO®-definable graph transformers G i — > Gt.,(x) £^nd 
Gi > Gi^i^x)'! £^ti{X) — {^i — ti Vi,Ui Gt, Vi,Ui Vi,Ui G Vtf). 

Let us abbreviate Ui,u\,U2 and analogously for v, w and 5. Extend 
denotation m G \Gt, \ to tuples of variables u: 

u G |G(j I Ui 0 & ui € \Gt, I & U2 =t2 {0} ) 

U G |G(2 I :F^ Ui =t, {0} & Ml =ti {0} Sz U2 G \Gt2 I ■ 

(Here and below Note 3.1 is used for defining in FO of m = 0 and u = {0} 
and other set theoretic formulas.) The mappings mi i — > 0,mi,{ 0} and U 2 ' — > 
{0}, 0, M 2 give natural bijections between old and new versions of \Gt, \ and \Gt 2 \- 

® In [24] the first approach to NLOGSPACE over HF (discussed in the Introduction) 
was based on such a syntax with external collapsing, and only for such restricted 
language we were able to obtain a result analogous to (3) or (4). Now we see that, 
by using Proposition 4.1 in the proof below, this artificial restriction may be avoided 
and, in particular, corresponding class of (N/D)LOGSPACE computable operations 
and predicates is closed under compositions. 
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Also note, that new versions of |GtJ, [Gtjl and the set Vt defined below are 
disjoint and, moreover, Vt is a singleton set. 

Define Gt by the following formulas where the FO®-definitions of =ti,t 2 and 
are given in Proposition 4.1: 

U G Vt ^ Ml =ti 0 & Ml =fi 0 & M2 =t2 0 , 

|GtM|GtJU|Gt,|UPt , 

M Gt M ^ (m, M G |Gti I & Ml Gti Ml) V (m, M G \Gt^ \ & M 2 Gta M 2 ) V 

(m G |GtJ & Ml G Ptt & M G Vt) V (m G |GtJ & M2 G Pt, & G Vt) , 

M =? M ^ (m, M G |Gti I & Ml =ti Ml) W {il,v € |Gt 2 I & M 2 =ta M 2 ) V 

(m G |GtJ & M G IGtJ & Ml =ti,t 2 M 2 ) V 

(m G IGtJ & M G |GtJ & Ml =ti,t2 M 2 ) , 

M =t M ^ Vz Gt m 3?M Gt m(5 m) & Vw Gt m3z Gt m(z =? m) , 

M <° M ^ (m, M G |Gti I & Ml <ti Ml) V (m, M G jGt^ | & M 2 <ts M 2 ) V 

(m G |GtJ & M G IGtJ & Ml <ti,t 2 M 2 ) V 

(m G IGtJ & M G |GtJ & Ml <ti,t2 M 2 ) , 

M <t M ^ (3z Gt M \ m)(Vzm Gt m U m|z w)(3/l Gt M n m)(w ^) . 

Here (3z Gt m \ m) abbreviates (3z Gt m|Vz' G u{z z')), (Vw Gt m U m|z <° ?m) 
abbreviates (V?M|(rM Gt mVw Gt m) & z <° ?m)), and analogously for (3/i Gt mDm). 
Note, that =t coincides with =° on |Gti| U IGtal, and the same for <t and <°. 

Case 3. t{x) is lja(a;). By induction hypothesis, the term a has corresponding 
FO®-definable graph transformer G i — > Ga(x), 

Ga{x) = (m =a M, M Ga M, M <a M, M G Va) ■ 

Abbreviate u^u',u and extend denotation m G |Ga| to tuples of variables u: 

M G |Ga| ^ u =a {0} & M G \Ga\ 

Define Gt by the following formulas 

U &Vt^U =a% ^ U=a% , 

IGtMIGJUPt , 

M Gt M ^ (m, M G |Ga| & M Ga m) V 

(m G |Ga| & 3z G |Ga|3w G Pa(M &a Z &a w) k V & Vt) , 

U =t V ^^Z €t m3iM Gt m(z =a v) & Vw Gt m3z Gt m(z =a v) , 

M <t M ^ (3z Gt M \ u)(Vw Gt M U m|z <a rM)(3/l Gt M H M)(rc =a ^) . 

Case 4- t{x) is TC(a(a;)). This differs from Case 3 only by the definition 
M Gt M ^ (m, M G |Ga| k U €a v) {u € |Ga| & 3lM G Va{u G® M>) & M G Vt) ■ 
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Case 5. t{x) is {s(al,t/) : y G a(x) & (p(x,y)}. By induction hypothesis, there 
are FO®-definable graph transformers |s] : G,G' i — > Gs(x,y)^ [a] ^ G i — > Ga(s) 
and a predicate |(^] over G, G' where 

Gs{x,y) ~ —s{x,y) 'ey'll Gs(^x,y) 'ey'll ^s(x,y) V^V G ^s(X,y)} 

in the language of G, G' (with u and v being for simplicity single variables) and 
Ga(X) ~ {y ~a(x) ^a(X) ^a(X) ^ ^a(X)} 

in the language of G (with variables x, y ranging, respectively, over G, G' to 
denote distinguished vertices of these graphs) . 

Let us rewrite Gg(x,y) in the language of G by substituting Ga(x) = iv =a(x) 
z,y Ga(s) z,y <a{x) z,y G Va(x)) in place of G' = (|G'|, =', g', <', F') (i.e. by 
substituting the formulas =a^ Ga, Va, respectively, in place of the predicates 
=', G' and V and with the variables y ranging over \Ga(x)\ playing the role 
of variable y ranging over |G'|; variables x = xi, . . . ,x„ are still ranging over 
|G| = |Gi|, . . . , |G„|). Denote the result as 

Gs(X,y) ~ ~s(x,y) 'C, 'U Gs(X,y) U ^s(X,y) VjV G ^t(y)} • 

Analogously |(^](x,y) is obtained from |(^](x,j/). 

Abbreviate u ^ u, y, y', v ^v,z, z', w ^ w,p,p' and define Gt by the follow- 
ing formulas 

^ € \Gt{X) I ^ M G \Gs(x,y) I & i/ € \Ga(x) \ & 

3yi G Va(x){y Ga(g) yi) & M(^.y) & y' =a(x) {0} , 

H ^ ^t(x) ^ ^ ~s{x,y) 0 y —a(x) 0 y —a{x) 0 5 

\Gt(x) I ^ |Gi( 5 ,) I U Vt{x) , 

H ~t(x) V ^ U,V G I & U =s(x,y),s(x,z) U , 

H ^t(X) H ^ U, V G I & Gs(x,z) ‘a(a s(X,y),s(X,z) ^ ) 5 

u Gt(x) V ^ u G((g) vW {u G I & u G Vg(^x,y) & h G F(j)) , 

u =t V ^\/z Gt u3w Gt v{z =t v) & Vw Gt v3z Gt u{z v) , 

^ "^t(x) V ^ U,V G I & U <s{x,y),s{x,z) U , 

u <t V ^ (3z Gt v \ u)(Vr/; Gt u U v\z w){3h Gt m D v){w h) . 

Case 6. t(x) is C®(a(a;)). By induction hypothesis, the term a has corresponding 
FO®-definable graph transformer G i — > Ga(x), 

Ga(x) = {U =a V, U GaV,U <aV,U G Va) ■ 

It follows from the Note 4.1 that there exists also FO®-definable predicate 
SAQ<(z) which, given a vertex 2 of a graph (in our case of the graph Ga(x) in 
SAQ<), decides whether 2 considered as an HF-set corresponds to a quadruple 
z = {g, e, l,p) such that (i) g (as an HF-set of pairs) is extensional acyclic graph, 
(ii) e is a partial equivalence relation, (iii) I (also as an HF-set of pairs) is the 
canonical linear ordering on this graph, and, finally, (iv) p is a distinguished 
vertex of the graph g (possibly isolated one). 
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Define Gt by the following formulas 

uG\Gt\^{3zGVa3glpvG\Ga\ 

{£AG<{z) k z = {g,e,l,p) & {{u,v) € g\/ {v,u) € g\/ u = p))) V 
{u eVa k ^£AG<{u)) , 
u £ Vt ^ {3z G Va3glp G \Ga\ 

(£AG<{z) k z = {g,e,l,p) k u = p)) y {u £Va k ^£AG<{u)) , 
u£tV^3z £ Va3glp £ \Ga\{£AG <{,z) k z = {g,e,l,p) k {u,v) £ g) , 
U =t V ^\/z £t u3w Gt v{z =a v) k \/w £t v3z £t u{z =a v) , 
u <tV^3z £ Va3glp £ \Ga\{£AG<{z) k z = {g,e,l,p) k (u,v) £ 1) , 



Case 7. of f ^ r® relies on the construct ® of FO® analogously to and even 
simpler than Case 6. 

Case 8. oi p ^ ti = t 2 or t\ < is based immediately on Proposition 4.1. 

Case 9. oi £ t 2 (as well as that of bounded quantification) is reducible 

to those considered: 

t\ £ t 2 yy 3x £ t 2 {x = ti) yy {x £ t 2 : X = ti} ib . 

Case 10. of the term 0 and of boolean connectives is trivial. 

Proof of (3), converse part, and “external collapsing normal form”. Let f{x) 
be any n-ary operation over sets FO®-computable by a graph transformer F : 
£AG< — *■ £AG<. We may consider that £AG< C HF and F : HF — > HF. Then 
/ can be represented as the following (Z\® -|- C®)-definable operation, in fact a 
composition (applied from right to left) 

/ = C® oFoG 

where G is an n-ary Z\^-definable operation over sets transforming input sets 
xi,...,Xn into their well-founded extensional graph representation (with the 
distinguished vertex in each graph) : 

G{xi, . . . , Xn) = {{£ ItCTki}); < ItC({£Ci})) a:i), • • • , (G |TC({a:„}); < lTC({a;„ }) ) a^n)) 

F is evidently also Z\®-definable by imitating in Z\® its FO®-description. (Input 
graph for F is considered as set of a specific kind; corresponding output graph 
is defined by using Z\-definable notion of Cartesian product and by imitating 
unbounded quantifiers of FO® and the logical construct ® by bounded quantifiers 
and set-theoretic version of ® in Z\®.) Finally, collapsing operation C® serves to 
‘extract’ a resulting set from its graph representation. 

Evidently, F and G do not use collapsing. If / : HF" — > {true, false} is an 
NLOGSPACE computable predicate then we will have f = F o G and we need 
not use collapsing at all. 
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Proof of (4) essentially coincides with that of (3). We should only replace (i) ® 
by , (ii) C® by C , (iii) SAGc by £AG*^ and add (i) €* in the denotation of 
Gi, (ii) u €(( 2 ) V in the denotation of Gt(^) for each term t, (iii) S* Ixcdaii}) in 
the definition of G(x), and respectively extend the proof. 

□ 
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Abstract. Non-situation calculus is a way to describe dynamic worlds 
using first order logic, where a theory is written from the viewpoint 
of a situation (the propositional fluents hold in that situation). We in- 
troduced some functions to allow describing propositional fluents that 
hold in other situations. We define “progression” as a transformation 
that changes the situation represented by a non-situation calculus. The 
semantics counterpart of progression, function A, transforms an inter- 
pretation of a non-situation calculus relative to a situation into an inter- 
pretation of a non-situation calculus relative to another situation. 

We propose using non-situation calculus to study database dynamics by 
representing a database as a non-situation calculus theory, by represent- 
ing transactions as changes and by associating the database that results 
from executing a transaction to the progression of the theory. 



1 Introduction 

Non-situation calculus (nsc) is way to write theories describing situations in dy- 
namic worlds using first order logic with equality «. In nsc, we choose a situation 
to be represented by a theory and the propositional fluents that hold in that situ- 
ation don’t have to refer the situation (hence the name “non-situation calculus”). 
Non-situation calculus was developed to study some reasoning about action and 
change systems [3,5,18,11,1,7,4] in which the representation propositional fluents 
don’t refer explicitly the situation. These have been called “meta-level time” ap- 
proaches [16]. 

Non-situation calculus is closely related to situation calculus (sc) [10] using 
reified propositions.^ Let s be a situation and p a reified proposition. In sc, the 
fact that “it is true that p in s” is written as holds(p, s), that is, predicate holds 
means “it is true that ... in . . . ” . In nsc, choose a situation to be represented by 

* We wish to thank the members of the member of GIA for their comments 
and support. This work was partially supported by PRAXIS XXI projecto 
2/2.1/TIT/1568/95 - Raciocmio sobre mudanga utilizando Sense Comnm and ID- 
MEC - Gmpo de Inteligencia Artificial. 

^ Reify means “turn into an object”. Reified propositions are propositions that are 
turned into objects of the domain of discourse, that is, objects about which other 
propositions can be written. The nse of reified propositions in first order logic was 
introduced in [9]. 
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a theory, for example s, and a unary predicate, say h, to identify the propositional 
fluents that hold in that situation (we call this a non-situation calculus relative 
to s using h) . The fact that propositional fluent p holds in situation s is written 
as h{p), that is, predicate h means “it is true that ... in s”. 

When using nsc relative to s using h, the propositional fluents always hold 
in situation s. This apparent limitation of the nsc approach can be overcome 
by introducing an appropriate set of functions, including function “(5”, used to 
represent the change between two situations, function “TSP” (for Temporally 
Shifted Propositions), used to represent that a proposition holds after a change 
is executed, and function used to compose changes, as described in Sect. 2. 

Using these functions, it is possible to study the relation between sc and 
nsc. We defined a syntactic transformation from nsc to sc (we called it R, from 
“Reify” , because this transformation can be seen as the reification of the situa- 
tion represented by nsc) and another from sc to nsc (similarly, we called it D, 
from “De-reify”, because it can be seen as the de-reiflcation of the situation). 
We compose these transformations into another transformation which we called 
“progression” ^ that can be though of as changing both the situation represented 
by a nsc and the predicate used to identify the propositional fluents by a nsc. 

Furthermore, we present function A, which is the semantic counterpart of 
progression. Consider interpretation X of the parameters of nsc relative to si 
using hsi, that interprets all the parameters of logic including hsi, which es- 
tablishes all the reified propositions that hold in that situation. Furthermore, 
consider situation s2 and a predicate symbol h.s 2 - A(X, si, hsi, s2, hs 2 ) is the in- 
terpretation of parameters of nsc relative to s2 using hs 2 that describes the same 
facts as X, but now from the viewpoint^ of s2. In Sect. 3, we discuss both the 
progression and A. 

As we said before, nsc is a way to write theories that describe situations 
in dynamic worlds. In Sect. 4, using some inspiration from the work of Reiter 
[12,14], we propose using nsc to model databases and to study its dynamics. 
The idea is to associate a database to a nsc theory that describes a situation 
and to associate a transaction to a change. In this framework, the database that 
results from executing a transaction is represented by the theory that results 
from executing the progression corresponding to the change. 

Finally, in Sect. 5, we draw conclusions. 

2 Non-situation Calculus 

Non-situation calculus is an approach to write theories describing worlds, where 
different theories are used to describe the world in different situations. Let 
Cj^SC{s,h) be the language we use to write a nsc theory relative to s using h. 
This language is similar to a language of a form of sc using reified propositions, 

^ The term progression has been used by other authors [15,11,7], with different tech- 
nical meanings. 

® The term viewpoint was used in [6], who proposed a semantics for contextual rea- 
soning which relates theories that describes different points of view. 
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Lsc- The difference is on the predicates of the language: the fact that proposi- 
tional fluent p holds in situation s is written in Csc h.olds(p, s) whereas in 
^NSC{s,h) it is written as h{p). Furthermore, when we say that Cffsc{s,h) is the 
language of nsc, we mean that the situation the nsc is relative to is s and the 
predicate used to describe the propositional ffuents is h. 



2.1 Situations and Changes 



As in McCarthy and Hayes [10], we take a situation to be “complete state of 
the universe at an instant of time”. Recently, Reiter [13] proposed a different 
use of sc in which situations are associated to histories of action executions. 
To distinguish between Reiter’s and the original McCarthy and Hayes’ sc, the 
former has been called the “Toronto variant” . When we refer to sc, we mean the 
original sc. 

A change represents the difference between two situations and is reified in 
nsc. We follow McCarthy and Hayes’ and use function result,^ which takes 
as its first argument a reified change c and as its second argument a situation 
s. The term “result(c, s)” represents the situation that results from change c 
occurring in situation s. 



2.2 Introducing New Functions 

A nsc theory relative to s using h describes the world from the viewpoint of s, 
that is, propositional fluents are always relative to s. Restricting the proposition- 
al fluents to those which hold in situation s is not a limitation of this approach 
when compared to sc since this restriction can be easily overcome by introducing 
functions “6”, “TSP”, and 

— term “i5(si,S2)”, when si and S 2 are two situations, represents the change 
that transforms si in S 2 . We call this term the differential change between 
Si and S 2 'i 

— term “TSP(c,p)”, when p is a reified proposition and c is a change, represents 
that after executing the change c, proposition p holds. We call this term the 
temporal shifting of reified proposition p by c; and 

— term “ci ; C 2 ” , when ci and C 2 are changes, represents the change which 
corresponds to executing ci and then C 2 . We call this term the succession of 
Cl and C 2 . 



^ Even though it is outside the scope of this paper, this use of function result is 
actually a generalization of McCarthy and Hayes’ use since their function’s first 
argument is an action, which is a special kind of change. 
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We present some axioms that describe some properties of these functions, 



Vs 0 « (5(s, s) (1) 

VsiVs 2 Vc i5(si, result(c, S 2 )) « i5(si, S 2 ) ; c (2) 

VsiVs 2 Si « result((5(s2, si), S 2 ) (3) 

Vpp«TSP(0,p) (4) 

VciVc 2 Vp TSP(ci ; C 2 , p) « TSP(ci, TSP(c 2 , p)) (5) 



according to which: (1) the differential change between s and itself is the null 
change, represented as 0; (2) the differential change between si and the result 
of executing c in S 2 is the succession of the differential change between si and 
S 2 , and c; (3) the result of executing i5(s2,si) in S 2 is si; (4) p is the same as 
temporally shifting p by executing 0; and (5) temporally shifting p by executing 
Cl ; C 2 is the same as temporally shifting by ci the reified proposition that is 
obtained by temporally shifting p by C 2 . 

The intended meaning of TSP is made clearer in terms of sc. In sc, we may 
write the axiom (6), according to which term TSP(c,p) is such that it holds in 
situation s iff p holds in situation result(c, s). 

VsVcVp (holds(p, result(c, s)) holds(TSP(c, p), s)) (6) 

By the way of example, when considering nsc relative to SI using hsi, if 
we use term on(A, Table) to represent the reified proposition that block A is 
on Table, the fact that block A is on Table in situation S2 is represented as 
hsi(TSP(i5(Sl, S2), on(A, Table))). 

We say that theories containing axioms (l)-(5) are transformable. Some prop- 
erties of these theories are discussed in Sect. 3. 



2.3 A Blocks World Example 

In this section, we present a classical example of dynamic systems, a blocks 
world containing two blocks, A and B, in which two situations are considered. In 
situation SI, block A is on B, and situation S2 is the result of unstacking block 
A, i.e., S2 is result(unstack(A, B), SI), as represented in Fig. 1. 

This blocks world is represented as the nsc theory Ti relative to SI using hsi 
that contains the axioms (l)-(5) (the theory is transformable), and axioms (7), 
describing some atomic wffs that holds in SI. 

hsi(on(A,B)) 
hsi(on(B, Table)) 

hsi(clear(A)) , . 

hsi(TSP((5(Sl,S2),on(A, Table))) '' ^ 

hsi(TSP((5(Sl, S2), on(B, Table))) 

S2 « result(unstack(A, B), SI). 
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B 




Table 









SI 



S2 



Fig. 1. Blocks world in situations SI and S 2 . 



3 Changing the Viewpoint 



In this section, we present two transformations: R, from nsc theories to sc theo- 
ries; and D, from sc theories to nsc theories. These transformations are used to 
transform a nsc theory relative to a situation using a predicate into another nsc 
theory relative to another situation using another predicate, a transformation 
we call “progression”. 



3.1 Transformations R and D 



Let s be a constant symbol, let ft- be a unary predicate, let 7 and finite trans- 
formable r be in CNSC(s,h)- R{l, s, ft) is the result of replacing the occurrences 
of h{p) for holds(p, s) (for any p) in 7. 

Formally, R is defined as 



R{l,s,h) 



holds(p, s), 

7 . 

i?( 7 i,s, ft) ^ i?(72,s, ft), 

yv R{ji,s,h), 



if 


7 


= h{p), 


if 


7 


is atomic a 


if 


7 


= ^71. 


if 


7 


= 71 ^ 72, 


if 


7 


= Vu 71, 



and R{r, s, ft) = {i?(7, s, ft) | 7 € T}. 

According to Theorem 5.1 (theorems are presented in the appendix), T h 7 
iff R{r,s,h) U {(6)} h i?(7, s, ft). Notice that i?(T, s, ft) only contains proposi- 
tions that hold in situation s. The point of adding {(6)} is to extend the set of 
derivable propositions to include propositions (other than tautologies) referring 
other situations than s. 

Let s and ft be as before, let 7 and finite transformable F be in Csc- s, ft) 
is the result of replacing holds(p, s) for h{p) (for any p) and holds(p, si) for 
ft(TSP(ft(s, si),p)) (for any p and si yf s). 
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Formally, D is defined as 



D{'y,s,h) 



' Kp), 

ft,(TSP(< 5 (s,si),p)), 

7. 

D{li,s,h) D{j2,s,h), 



if 7 = holds(p, s), 

if 7 = holds(p, si) and Si yf s, 

if 7 is atomic and 7 yf holds(p, si), 

if 7 = ^71, 

if 7 = 71 ^ 72, 
if 7 = Vw 71, 



and D{r, s, h) = {-0(7, s, /i) | 7 G O}. 

According to Theorem 5.2, F U {(6)} h 7 iff 0(0, s, /i) h 0(7, s, /i). 

By the way of example, i?(hsi(on(A, B)), SI, hsi) is holds(on(A, B), SI), and 
0(holds(on(A, B), SI), S2, hgz) is hs2(TSP(<5(S2, SI), on(A, B))). 



3.2 Progressing a Theory 

Given the two transformations R and O, a new transformation of a nsc theory 
relative to situation si using into a nsc theory relative to situation S2 using 
/is2 can be built. We define transformation RD by equation (8), and say that 
RD{j, si, hsj^, S2, hs^) is the progression of ^ relative to si using predicate to 
S2 using predicate hs^ , trivially generalizable to theories. 

00(7, si,/isi,S2,hs2) = 0(0(7, si,hsJ,S2,hs2) ( 8 ) 

It follows from Theorems 5.1 and 5.2 that if si and S2 are constant symbols, 
if /igj and hs^ are unary predicates, if 7 and finite transformable theory F are 
in i^NSC(s^,h,^), then O h 7 iff RD{F,si,hs^,S2,hsJ RD{j,si,hsi,S2,hs^). 

3.3 An Example of the Progression of a Theory 

We present the progression of a theory describing the blocks worlds relative to 
SI using hsi to S 2 using hs2, 00 ( 0 i, SI, hsi, S 2 , hs2). 

According to the transformations definitions, the axioms in (l)-( 5 ) are pro- 
gressed into themselves, since hgi doesn’t occur in any of these axioms. The 
axioms in ( 7 ) are transformed into axioms in ( 9 ). 

hs2(TSP(<5(S2,Sl),on(A,B))) 
hs2(TSP((5(S2, SI), on(B, Table))) 
hs2(TSP(,5(S2,Sl),clear(A))) 

hs2(TSP((5(S2, SI), TSP(i 5 (Sl, S 2 ), on(A, Table)))) i '' 

hs2(TSP((5(S2, SI), TSP(i 5 (Sl, S 2 ), on(B, Table)))) 

S 2 « result(unstack(A, B), SI) 

Notice that since i?H(Tu SI, hsi, S 2 , hs2) is transformable, hs2(on(A, Table)) 
is derivable from this theory and similarly for hs2(on(B, Table)). 
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3.4 The Semantics of Non-situation Calculus Progression 

Non-situation calculus is a way to write first order logic theories, and therefore 
a standard tarskian semantics may be used. In order to introduce notation, we 
present tarskian semantics (our presentation is strongly based in [2]). Further- 
more, we define function A, the semantic counterpart of progression. 

An interpretation of a first order language defines a meaning to the param- 
eters of the language. Formally, an interpretation X assigns: 

1. the quantifier V to a non-empty set \X\, the universe of X; 

2. each n-ary predicate symbol P to a n-ary relation C |X|”; 

3. n-ary function symbols to n-ary functions from |X|” to \I\ (e.g. / to /^ : 

|x|" - 1^1); 

4. constants to elements of \X\ (e.g. c to (p-). 

To establish the meaning of a nsc calculus wff, we need to define the meaning 
of a term, which in general may contain variables. This is achieved by considering 
a function that assigns each variable in V to an element of \X\ and extending 
this function to the set of all terms. 

Given a function s from the set of variables V to \X\ , define the extension s 
(relative to I) recursively as follows: 

1. if u is a variable, then s(u) = s{v); 

2. if c is a constant, then s(c) = cP; 

3. if fi, . . . , are terms and / is an n-ary function symbol, then 

s(/(G,... ,tu)) = f^{s{ti),... ,s(tn)). 



Furthermore, for v € V and d G \X\, s(u|c?) is the function from the set of 
variables V to \X\ that is equal to s for every argument except for v. When the 
argument is v, the result is d. Formally, 



s(n|(i)(a;) 



s(a:), if X p V 
d, if a; = v. 



Let X be an interpretation, 7 be a wff, and s be a function from the set of 
variables V to \X\. The definition of the relation X satisfies 7 with s, written 
1=1 7[s]) is recursive: 

L hi hi ~ ^2)[s] iff s(ti) = s(t2); 

2. for n-ary predicate P different from p, it is the case that |=i -P(Gj • ■ • ) ^n)[s] 
iff (s(ti), . . . ,s{tn)) G P^ {P^ is the extent of P in X); 

3. hi (=71) h] iff hi 7 i[s]; 

4. hi (71 ^ 72) [s] iff hi 7i[s] or hi 72 [s] or both; 

5. hi (Vi 7i)h] iff. for every d G \X\, hi 7i[s(n|fi)]. 



An interpretation X is a model of a wff 7, written hi 7. when hi 7[s]. for 
every s. This notion is easily extended for a set of wffs P. A theory P logically 
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implies 7 when for every interpretation I and every function s such that \=x 
it is the case that \=x 7 [s]. 

Given this presentation of tarskian semantics, we are in position to discuss 
the semantics of progression. An interpretation I in nsc relative to si using hgi 
is an interpretation that defines the meaning of the parameters, including the 
meaning of the predicate hsi that identifies the propositional fluents that holds 
in situation si. In this sense, we can associate this interpretation with si. 

Furthermore, an interpretation also identifies the propositions that holds in 
any other situation. Consider situation s2, which is the situation that results 
when change <5(sl, s2) occurs in si. If reified proposition p occurs in s2, then 
the interpretation is such that TSP(<5(sl, s2), p) holds in si. This shows that 
an interpretation of parameters of nsc relative to si using hgi contains enough 
information to decide which propositions hold in any situation. 

If we change the viewpoint from which propositions are written using pro- 
gression, the interpretation of parameters should be changed accordingly (the 
predicate that represents the propositional fluents has changed). Function A is 
used to represent the changed interpretation of parameters: A{2, si, hsi, s2, hs 2 ) 
is an interpretation of parameters in Cj^sc{s 2 ,he 2 ) interprets all the param- 
eters as in X except for hs 2 ■ The interpretation of hs 2 is such that if p^ G /iJi , 
then TSP(,5(s2,sl),p)^ G ^A(i,si,h,us2M 5 

Formally, A(X, si, hsi, s2, hs 2 ) is an interpretation of parameters that assigns 

1. the quantifler V to |X|; 

2. each n-ary predicate symbol P, different from hsi, to a n-ary relation C 

ixr; 

3. unary predicate hs 2 to the set {TSP(<5(s2, sl),p)^|p^ G h^i}] 

4. n-ary function symbols to n-ary functions from |X|" to \I\ (e.g. / to /^ : 

|ir - |X|); 

5. constants to elements of \I\ (e.g. c to (p-). 

This function is such that when I is a model of a closed transformable theory 
Psi, then A{X, si, hsi, s2, hs 2 ) is a model of RD{Psi, si, hsi, s2, hs 2 ), as proved 
in Theorem 5.3. 



3.5 An Example of Changing the Viewpoint of an Interpretation 

As an example of function A, consider an interpretation of the language of nsc 
relative to SI using hgi satisfying axioms (l)-(5), X, such that 

1=1 hsi(on(A,B)) 

1=1 hsi (on(B, Table)) 

1=1 hsi(clear(A)) 

hi hsi(TSP(,5(Sl, S2), on(A, Table))) 
hi hsi(TSPh(Sl, S2), on(B, Table))). 



5 



Note that h^X,A,hs-i,s 2 ,hs 2 ) jg extent of hs2 according to A{X, si, hsi, s2, hs2)- 
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The interpretation that results from changing the viewpoint from SI to S2 using 
hs 2 , Z\(X, SI, hsi, S2, hs 2 ) is such that 

h4(i.si.hs..s2.hs,) hs2(TSP(<5(S2, SI), on(A, B))) 
hzi(i.si,hs..s 2 ,hs.) hs2(TSP(<5(S2, SI), on(B, Table))) 
I=zi(i,si,hsi,s 2 ,hs 2 ) hs2(TSP(<5(S2, SI), clear(A))) 

I=zi(i,si,hsi,s 2 ,hs 2 ) hs 2 (on(A, Table)) 
h/l(i,si,hs,,s 2 ,hs 2 ) hs 2 (on(B, Table)). 

3.6 Comparing with Other Work 

The other meta-level time approaches [3,5,18,11,1,7,4] that we mentioned are 
not directly comparable to our approach. For instance, Gelfond and Lifschitz 
[4] proposed the language A for describing actions and proposed a semantics 
based on states and transition functions, where a state is a set containing flu- 
ent names (which are symbols used to represent propositional fluents) and a 
transition function is a mapping from an action name and a state into another 
state. The transition function depends on the description of the actions in the 
domain description. The reason why this approach is not comparable with nsc 
is that adding more action descriptions may result in a nonmonotonic behav- 
ior and therefore language A should be compared with nsc with some sort of 
nonmonotonic complement, such as circumscription. 

Similar coments could be made to the other approaches, except for the work 
of Lin and Reiter [7]. These authors describe the progression of basic action 
theories. After summarizing their method, we compare their progression with 
ours. 

Consider a first order language £ with sorts action, situation and object. 
Define Cst as the restriction of this language that doesn’t mention any other sit- 
uation term but st, does not quantify over situation variables and do not mention 
Boss or < (predicate Boss identifies executable actions and si < s2 means that 
situation s2 is reachable from situation si by executing executable actions). Fur- 
thermore, consider the second order extension of Cst by predicate variables 
of arity object^. 

A basic action theory I? is a theory of the form 

V= SUVssUVapU U Vso, 



where: 

— E contains 



SO 9^ do(a, s) 

do(al, si) « do(a2, s2) (al « a2 A si « s2) 
VB.B(SO) A VaVs(B(s) B(do(a, s))) ^ (Vs)B(s) 
^s < SO 

s < do(a, s') AA (Boss(a, s') A s < s'). 
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— T>ss contains successor state axioms, which are axioms of the form 

Poss(a, s) ^ (F(x, do(a, s)) a, s)); 

— T>ap contains precondition axioms of the form 

Poss(A(x), s) ^ S'a(x, s)), 

where A(x) is an action and s) is a wff in Cg. 

^ T^una contains the unique names axioms for actions, that is, for any two 
different actions and A2{y) we have that 

Al{x) ii A2{y) 

and 



A{xl , . . . , xn) ~ A{yl , . . . , yn) xl « yl A . . . A xn « yn; 

— T>Sg contains the initial database, a first order theory in Cso- 

Given a basic action theory T>, the authors characterize the progression T>s^ 
of T>so in response to a. In order to do so, first introduce relation 

Definition 3.1. Consider two interpretations M and M' with the same domain 
for sorts action and object. We say that M' M iff 

— M' and M interpret all the predicate and function symbols which do not take 
any argument of sort situation identically; 

— M and M' agree on all fluents at Sa-' for every predicate fluent F and any 
variable assignment a, 

M' ^ F(x, do(of, S0 ))[(t] iff M F(x, do(a, SO)) [cr] . 

Lin and Reiter’s definition of progression follows. 

Definition 3.2. A set of sentences T>s^ in is a progression of the initial 
database T>so to Sa (with respect to V) iff for any interpretation M, M is a 
model ofVsa iff there is a model M' ofV such that M M' . ([7, Definition 
12 ]) 

Both Lin and Reiter’s notion of progression and ours are used to find the 
theory that describes a situation given a theory that describes another situation. 
However, in our method, we characterize the progression syntactically, that is, 
given a theory that represents a situation, we transform that theory into a theory 
representing another situation using syntactic transformations R and D. As a 
direct consequence, the bad surprising result that Lin and Reiter obtained, that 
the progression of a first order theory may result in a second order theory, doesn’t 
occur in nsc since replacing an atomic formula for another atomic formula in a 
first order formula doesn’t produce a second order formula. 
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4 Using Non-situation Calculus to Model Database 
Systems 

One example of application of nsc, inspired on the work of Reiter [12,14], is to 
model databases and to study the dynamics of databases. As stated earlier, nsc is 
used to model dynamic worlds. Moreover, a database is a dynamic system in the 
sense that we can execute procedures to change the database, the transactions. 
Therefore, it is possible to use nsc to model databases. 

In order to use nsc to model a database, we have to decide a priori which 
is the predicate symbol that is going to be used to describe the propositional 
fluents. Allowing only one predicate to be changed in different situations is a 
strong restriction when compared, for example, with Lin and Reiter’s approach 
where many predicates are allowed to be changed from situation to situation. 
This restriction, however, is the price to pay for a simple characterization of 
progression. 

We represent a database in a given situation as a nsc theory relative to 
that situation using the chosen predicate symbol to identify the propositional 
fluents and we represent database transactions as nsc changes. At this point, 
it is important to stress that transactions are represented declaratively, that 
is, the theory that represents the database determines which propositions hold 
after any transaction is executed. This raises a problem concerning the difficulty 
of finding appropriate axiomatizations, which is related to the infamous frame 
problem® [10]. The solution to this problem is outside the scope of this paper, 
and we assume that some method is being followed to solve it. 

Given this representation of a database, we are interested in characterizing 
the dynamics of databases. The characterization of a database dynamics can be 
done syntactically and semantically. Syntactically, given a database represented 
by a nsc theory Ui relative to si using h and a transaction represented by change 
c such that Ui h s2 « result(c, si), the database that results from executing 
this transaction is obtained by progressing Ui to s2, RD{r,s, si, h, s2, h). Note 
that the predicate symbol used to describe the propositional fluents both in Ui 
and in RD{rg, si, h, s2, h) is the same even though the predicates are different. 

Semantically, the characterization of the change is done using function A: 
given an interpretation of parameters T of the nsc relative to si using h, as the 
result of executing change c we should change this interpretation to interpreta- 
tion A{I, si, h, s2, h). 

The point we want to make is that the update of a database, which corre- 
sponds to the execution of a transaction in the database, doesn’t require any 
kind of inference. Instead, it can be seen as changing the viewpoint of the the- 
ory that represents the database, and that operation doesn’t need any kind of 
inference. 

It is interesting to notice that the problem raised by Lin & Reiter [7] of 
“reasoning about databases containing mixed facts - facts about the current and 



Some solutions have been proposed to this problem and the interested readers are 
referred to [17]. 
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initial situation” , raised when they were discussing perceptual actions, is solved 
by our approach by realizing that mixed facts hold in different progressions, that 
is, a proposition in a database representing a situation can be represented in a 
database representing a different situation by progressing one of the propositions 
to the situation in which the other proposition holds. 

5 Conclusions 

We present an approach to write first order logic theories to describe dynamic 
worlds in a meta-level time approach, that is, we use a theory to describe a 
situation and the propositional fluents holding in that situation don’t have to 
refer the situation. Furthermore, we introduce some functions in order to describe 
propositional fluents that hold in other situations. 

We present the syntactic transformation of this theory into another nsc theory 
relative to another situation using another predicate to describe the propositional 
fluents that hold in that situation, an operation we called “progression”, and 
discuss the semantics of nsc progression, that is, function A that is used to 
transform an interpretation of a nsc relative to a situation using a predicate into 
an interpretation of a nsc relative to another situation using another predicate. 

One of the good results that is obtained by this definition of progression is 
that progressing a first order theory always results in a first order theory, a result 
that doesn’t hold in Lin and Reiter’s characterization of progression. 

Non-situation calculus can be used to model databases and to study the 
dynamics of databases. We characterize the dynamics of databases both syntac- 
tically, using the new definition of progression, and semantically, using function 
Zl. 

Given a theory that represents a database in a situation and a transaction 
which is associated to a change, the theory that represents the database that 
results from executing the transaction can be obtained by progressing the theory 
to the situation that results from executing the change. In summary, executing 
a transaction in a database corresponds to changing the viewpoint from which 
the theory that represents the database is written. 

Appendix 

Theorem 5.1. Let s be a eonstant, let 7 and finite transformable F be in 
^NSC{s,h)- Then, Thy iff R{F,s,h) U {(^)} h R{j,s,h). 

Theorem 5.2. Let s be a constant, let 7 and finite transformable F be in Csc- 
Then F U {(^)} h 7 iff D{F,s) h D{j,s). 

Both Theorems 5.1 and 5.2 were proved in [8]. 

Before proving lemma 5.1 and Theorem 5.3, note that since the constants 
and functions are interpreted in the same way both in F and A(F, sq, hs„, si, hs-,) 
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and the universes \I\ and |Z\(X, sq, hg^, si, are the same, the extension of a 
function from V to \I\ (relative to X) is the same as the extension of a function 
from y to \A(I,so,hso,si,hs-,)\ (relative to A(I, sq, hgo, si, hg-,)). 

Lemma 5.1. LetX be an interpretation of Cj^sc{so,heg) o model of (l)-( 5 ) 
and let s he a function from V to \X\. Whenj € >Cjvsc(so Asq) such that if there 
is an occurrence of a free variable v in j then, for every d G \I\, \=j 7[s(w|c?)] 
iff , for every dG \X\, RD{'^,so,hg,j,si,hgf)[s{v\d)], then it is 

the case that |=x 7W iff \=A(x,so,h,,,,si,h,^) RD{'^,so,hg„,si,hg^)[s]. 

Proof. This lemma is proved by induction on 7. For readability, A(X) is used for 
A(I,so,hg,j,si,hgJ and RD{j) for RDi^j, sq, hgg, si, hgj. 

Suppose that 7 is atomic. Then, it is either ti « t2 or hgffti) or P{t \, . . . , t„), 
for n-arity predicate P different from « and hsg. 

— Consider that 7 = ti « t^- It is the case that |=x t\ « t2[s\ iff s(ti) = s{t2), 
from which it is the case that \=a{i) ti ~ t2[s]- According to RD definition, 
RD{ti « ^2) = ti « t2- Therefore, |=x h « ^2(5] iff \=A{i) RD{ti « t2)[s]. 

— Consider that 7 = hggfti). According to the definition of A, it follows that 
\=i hgg{ti)[s] iff \=A(i) /isi(TSP((5(si,so),ti))[s]. The result follows by con- 
sidering that it is the case that either sq = si or sq yf si. 

• Consider that sq = si. Given the definition of A, since X is a mod- 
el of (l)-(5), A{X) is also a model of (l)-(5). Furthermore, these in- 
terpretations satisfy t\ « TSP(i5(si, so)Xi) with any s, from which it 
follows that \=A(i) /isi(TSP(<5(si,so),ti))[s] iff \=a(i) hsi(ti)[s]. Observ- 
ing that RD{hgg{ti)) = hg,^{ti), it is the case that |=x hsg(ti)[s] iff 
\=A(I) i?£>(hso(tl))[s]. 

• Consider that sq yf si. Since RD{hgffti)) = hsj(TSP(i5(si, so),ti)), it is 
the case that \=i hso(ti)[s] iff hzi(i) RD{hgffti))[s\. 

— Consider that P{t\, . . . ,tn), for n-arity predicate P different from hsg. Ac- 
cording to the definition of A, \=j P{t\, . . . ,tn)[s] iff \=A(i) P{ti: ■ ■ ■ j^ra)[s]- 
Since P is different from hgg, RD{P{t\, . . . , t„)) = P{t \, . . . , t„). Therefore, 
\=i Pfti, . . . ,t„)[s] iff \=A{i) RD{p\ti,. . . ,t„))[s]. 

Therefore, for 7 atomic, \=x 7(5] iff \=a(x) .RI^(7)[s]j from which when 7 is such 
that if there is an occurrence of a free variable u in 7 then, for every d G |X|, 
\=i 7[s(x|d)] iff, for every d G |X|, \=a(i) -R-D(7)[s(u|d)], then it is the case that 
hi 7[s] iff h/i(i) RD{'-f)[s], for 7 atomic. 

Suppose that 7 = ->71 and that when 71 is such that if there is an occurrence 
of a free variable v in 71 then, for every d G |X|, |=i 7i [s(i'M)] iff; for every d G |X|, 
\=A(x) A£)(7i)[s(u|c?)], then it is the case that |=i 7i['S] iff hzi(i) RD{'li)[s]- 
It must be proved that when ^71 is such that if there is an occurrence of a 
free variable v in ^71 then, for every d G |X|, hi (^7i)[s('i'M)] iff; for every 
d G |X|, \=A(i) AD(^7i)[s(u|c?)], then it is the case that hi (^7i)[s] iff hzi(i) 
i?X)(^7i)[s]. 

Assume that ^71 is such that if there is an occurrence of a free variable v 
in ^7i then, for every d G |X|, hi (^7i)[s(r’M)] iff; for every d G |X|, \=a{i) 
i?Z?(^7i)[s(u|c?)]. Either there are free variables in ^71 or not. 
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— If there are free variables in ~'7i, then let n be a free variable. Then, \=x 
(^7i)[s(w|s(n))] iff \=A(i) -R-D(^7i)[s(n|s(w))]. Since s(n|s(f)) = s, the result 
follows. 

— If there are no free variables in ^71, then it remains to be proved that 

\=i (^7i)[s] iff \=A{i) According to satisfaction definition, \=x 

(^7i)[s] iff Tifs]- According to the inductive hypothesis, it follows that 

7i[s] iff ¥^a{i) RD{'ji)[s]. From satisfaction definition, it follows that 
RD{li)[s] iff \=A{x) (^A£>(7i))[s]. Since ^RD^ji) = it 

follows that \=x (^71) [s] iff \=A{x) RD{^^i)[s]. 

Therefore, the result follows for 7 = -171. 

Suppose that 7 = 71 72 , that when 71 is such that if there is an occurrence 

of a free variable v in 71 then, for every d G \I\, \=x 7i [s(i'M)] iff, for every d G \I\, 
\=A(x) AH(7i)[s(u|c?)], then it is the case that \=x 7i[s] iff \=A(x) RD{li)[s], and 
that when 72 is such that if there is an occurrence of a free variable v in 72 then, 
for every d G \I\, j=x 72[s(u|(i)] iff, for every d G \I\, h/i(i) RD{l2)[s{v\d)], 
then it is the case that \=x 72(5] iff \=A(x) RD{'^2)[s\- It must be proved that 
when 7i 72 is such that if there is an occurrence of a free variable v in 
7i =1* 72 then, for every d G \I\, \=x (71 =1" 72)[s(u|(i)] iff, for every d G \I\, 
\=A(X) RD{-yi => 72)[s(u|(i)], then (71 ^ 72)[s] iff h/i(i) RD{ji => 72)[s]- 
Assume that 71 72 is such that if there is an occurrence of a free variable 

u in 7i 72 then, for every d G \I\, \=x (71 =1' 72)[s(u|c?)] iff, for every d G \I\, 
\=A(x) RD{ji => 72)[s(u|(i)]. Either there are free variables in 71 72 or not. 

— If there are free variables in 71 72, then let u be a free variable in 71 72. 

Then, \=x (71 ^ 72)[s(u|s(u))] iff \=a(x) RDi-fi ^ 72)[s(u|s(u))]. Since 
s(u|s(u)) = s, the result follows. 

— If there are no free variables in 71 =^72, then it remains to be proved that \=x 

(71 72) [s] iff \=A(x) AZ?(7i 72) [s]- According to satisfaction definition, 

\=x (71 72)[s] iff either ^x 7i[s] or \=x 72 [s] or both. Since, according to 

the inductive hypothesis, it is the case that ^x 7i[s] iff V=a(x) AZ?(7i)[s], 
and \=x 72 [s] iff \=A{x) RD{l2)[s], it follows that either ^x 7i[s] or \=x 
72[s] or both iff either y^A{x) A£)(7i)[s] or \=a(x) RD{l2)[s\ or both, from 
which, according to satisfaction definition, it follows that \=x (71 72) [s] iff 

\=A(X) i.RD{'^i) => RD{j2))[s]- Since RD{^i) => RD{'^2) = ^£>(71 ^ 72), it 
follows that \=x (71 ^ 72) [s] iff h/i(x) ^£>(71 ^ 72) [s]- 

Therefore, the result follows for 7 = 71 =7 72. 

Suppose that 7 = Va; 71 and that when 71 is such that if there is an occurrence 
of a free variable v in 71 then, for every d G \I\, \=x 7i [s(x|<i)] iff, for every d G \I\, 
\=A(x) -R^(7 i)[s(^'M)], then it is the case that \=x 7i[s] iff \=a(x) .R£^(7 i)[s]- K 
must be proved that when Va; 71 is such that if there is an occurrence of a free 
variable v in Va; 71 then, for every d G \I\, \=x (Va; 7i)[s(u|(i)] iff, for every 
d G \I\, \=A(x) RD{yx 7i)[s(u|(i)], then it is the case that \=x (Va; 7i)[s] iff 
\=A(X) RD{\/x 7i)[s]. 

Assume that Va; 71 is such that if there is an occurrence of a free variable 
V in Va; 71 then, for every d G \I\, \=x (Va; 7i)[s(u|(i)] iff, for every d G \I\, 
\=A(x) RD(\/x 7i)[s(u|ci)]. Either there are free variables in Va; 71 or not. 
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— If there are free variables in Vx 71, then let w be a free variable. Then, 
hi hi 7i)h(t>|sh))] iff h/i(i) RD(yx 7i)[s(n|s(t>))]. Since s(w|s(n)) = s, 
the result follows. 

— If there are no free variables in Vx 71, then it remains to be proved that 
hi hi 7i)['S] iff hzi(i) RD{yx 7i)[s]. According to satisfaction definition, 
hi hi 7i)[s] iff) for every d G \I\, |=i 7i[s(i|d)]. It is either the case that 
X occurs free in 71 or not. 

• If a; occurs free in 71, then, according to the inductive hypothesis, it 
follows that, for every d G \I\, hi 7i[s(i|d)] iff, for every d G \I\, 
\=A(i) RD{ji)[s{x\d)]. 

• If a; doesn’t occur free in 71, then there are no free variables in 71, and, 
therefore, according to [2, theorem 22A],’^ for every d G \I\, hi 7i [■s(ih)] 
iff hi 7i[s]- According to the inductive hypothesis, it follows that hi 
7i[s] iff \=A(i) RD{'li)[s], and, according to [2, theorem 22A], it follows 
that \=A{i) RD{ji)[s] iff, for every d G \I\, hzi(i) RD{ji)[s{x\d)]. 

In both cases, it follows that, for every d G |X|, 71 [s(a;|d)] iff, for every d G \I\, 
hzi(i) RR{li)[s{x\d)]. According to satisfaction definition, it follows that 
hzim RDNx 7i)[sl iff \=A(i') hi -R^(7i))fsl- Observing that Va: RD{ai) = 
RD{\/x 71), it follows that hi (Vi 7i)W iff hzi(i) RDiVx 7i)[s]. 

Therefore, the result follows for 7 = Va; 71. □ 



Theorem 5.3. Let 2 he an interpretation of parameters in CNsc(so,h^g) o,nd a 
model of closed transformable theory Rgg. Then, A{2, SQ,hsg, Si,hs^) is a model 
of RD{Tsg ) -^O) hsg , Si , hsi ) . 

Proof. If X is a model of Pgg, then, for each 7 G Pgg, hi 7- According to model 
definition, for each function s from V to \2\, hi 7[s]. According to lemma 5.1, 
since Psg is closed, hi 7W iff hzi(i.so AoJ RD{ljSo,hsg,si,hs^)[s\. Since 
this result holds for any s, it follows that hzi(i.soA„o.«iXn) ^^(7> so, si, hj. 
Since 7 is any element of it follows that A{2, sq, hgg, si, hsf) is a model of 
RD(^Psq, sq, hsQ, S\, n 
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Abstract. An important problem that arises when npdating a dednc- 
tive database is that of integrity constraint maintenance. That is, given a 
consistent database and an update request, to obtain all possible updates 
of base facts such that the request is satisfied and no integrity constraint 
is violated. This problem becomes more complex when view updates are 
also taken into account. In this paper we dehne a method for view up- 
dating and integrity constraint maintenance in deductive databases. We 
propose a new method that is sound and that improves current methods 
by dealing with three kinds of updates: insertion, deletion and modi- 
fication updates on base and derived predicates. Moreover, due to the 
inclusion of an specific modification operator, the own dehnition of the 
method deals with key information of base and derived predicates. 

Keywords, view updating, integrity constraint maintenance 



1 Introduction 

Several problems may arise when updating a deductive database [18]. A well- 
known problem is that of enforcing database consistency. A deductive database 
is called consistent if it satisfies a set of integrity constraints. When performing 
an update, deductive database consistency may be violated. That is, the update, 
together with the current contents of the database, may falsify some integrity 
constraint. 

The classical approach to deal with this problem is that of integrity constraint 
checking, which is concerned with detecting whether a given update violates some 
integrity constraint (see for example [8]). If a violation is detected, the update is 
rolled back in its entirety. The main drawback of this approach is that the user 
may not know which additional changes are needed to satisfy all the integrity 
constraints. 

An alternative approach is that of integrity constraint maintenance [14,20,3], 
[17,13,1], which tries to repair integrity constraint violations by performing ad- 
ditional updates, other than the requested ones, to restore database consistency. 

Deductive databases contain also deductive rules that allow to deduce new 
(view or derived) facts from those (base) facts explicitly stored in the database. 
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Then, a request to update a derived fact must be translated into correct updates 
of the underlying base facts, since the view extension is completely defined by 
the application of the deductive rules. This problem is known as view updating 
[9,10,20,5,17,7,13]. 

View updating and integrity constraint maintenance are strongly related. On 
one side, an update obtained as a result of translating a view update request can 
violate an integrity constraint. On the other, repairing an integrity constraint 
defined through some derived predicate may require to perform a view update. 
Moreover, as shown in [17], integrity constraint maintenance and view updating 
cannot be performed as two independent steps because this would allow to con- 
sider repairs that could invalidate the requested view update. We propose a new 
method that addresses the problems of view updating and integrity constraint 
maintenance. Given a view update request, the main goal of this method is to 
obtain all possible translations that satisfy both the request and all integrity 
constraints. 

Our method extends the Events Method [17] by taking into account infor- 
mation about the keys of base and derived predicates. This allows us to consider 
three basic update operators: insertion, deletion and modification; and to in- 
corporate the treatment of key integrity constraints into the own definition of 
the method. Moreover, we can obtain translations that are not obtained when 
a modification is handled as a deletion followed by an insertion. A preliminary 
version of this method was presented in [15]. 

This paper is organized as follows. Next section reviews basic concepts of 
deductive databases. Section 3 reviews event and transition rules, that will be 
used by our method. Section 4 is devoted to the definition of our method. Section 
5 compares our method with previous research. Finally, Section 6 summarizes 
our conclusions. 



2 Deductive Databases 

We briefly review the basic concepts of deductive databases [11]. We consider 
a first order language with a universe of constants, a set of variables, a set of 
predicate names and no function symbols. We will use names beginning with a 
capital letter for predicate symbols and constants and names beginning with a 
lower case letter for variables. 

A term is a variable symbol or a constant symbol. We assume that possible 
values for the terms range over finite domains. If P is an m-ary predicate symbol 
and ti, . . . ,tm are terms, then P(ti, . . . , tm) is an atom. The atom is ground if 
every ti {i = l,...,m) is a constant. A literal is defined as either an atom 
or a negated atom. A fact is a formula of the form: P{t\, . . . ,tm) , where 
P{t\, . . . ,tm) is a ground atom. We assume that each m-ary predicate has a 
subset of arguments ti (z = 1, ... ,k with m> k > 1) that form the key of that 
predicate. 
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A deductive rule is a formula of the form^ P{ti, . . . ,tk,tk+i, ■ ■ . ,tm) ^ 
Li A • • • A Ln, with n > 1, where P{t\, . . . ,tk,tk+i, ■ • ■ ,tm) is an atom denoting 
the conclusion, and Li, . . . , L„ are literals representing conditions. Any variable 
in P{ti, . . . ,tk, tfc+i, ■ • ■ , tm), Li, . . . ,Ln is assumed to be universally quantified 
over the whole formula. A derived predicate P may be defined by means of one 
or more deductive rules. 

An integrity constraint is a closed first-order formula that every state of the 
deductive database is required to satisfy. We deal with constraints in denial 
form <— Ai A • • • A with n > 1, where each Li is a literal and variables are 
assumed universally quantified over the formula. We associate to each integrity 
constraint an inconsistency predicate Icj, where j is a positive integer. Then, we 
would rewrite the former denial as Ici <— Li A • • • A More general constraints 
can be transformed in denials by using [12]. 

We assume that the database contains a distinguished derived predicate Ic 
defined by the n clauses Ic *— Icj, that is one rule for each integrity constraint 
Icj of the database. Note that Ic will only hold in those states of the database 
that violate some integrity constraint and that it will not hold for those states 
that satisfy all constraints. 

To enforce the concept of key, we assume that associated to each predicate 
P{ti, . . . ,tk, tk+i , . ■ . , tm) there is a key integrity constraint that we define as: 

I^k ^ Pj fli • • ■ ? f fc 7 , . . . , tm ) A P{ h,. ..,tk , ^k+l J ' • • 1 ^m) 

A [tfc+1, • . • , tm] 7^ [^fc+1) • • • ) tm] 

These constraints are not explicitly defined since they are implicitly handled by 
our method. 

A deductive database is a triple (EDB, IDB, IC), where EDB is a set of 
facts, IDB a set of deductive rules and IC a set of integrity constraints. The 
set EDB of facts is called the extensional part of the database and the set of 
deductive rules and integrity constraints is called the intensional part. 

Database predicates are partitioned into base and derived predicates. A base 
predicate appears only in the extensional part and (possibly) in the body of 
deductive rules. A derived predicate appears only in the intensional part. Any 
database can be defined in this form [2]. We deal with hierarchical databases [11] 
and, as usual, we require the database to be allowed [11]; that is, any variable 
that occurs in a deductive rule has an occurrence in a positive literal of the body 
of the rule. 

Example 2.1. The following deductive database will be used during the paper: 

(El) Unemp.beneff Ann . 5001 

(F2) Unemp_benef( JocTO, 100) 

(F3) Sick-leave(Bo6) 

(Rl) Worker(p, c) ^ Works(p, c) A ^Sick-leave(p) 

(R2) Ic\ {p, a, c) ^ Unemp_benef(p, a) A Worker(p, c) 

This database contains three base predicates and a derived one: 

^ Underlined arguments correspond to the key arguments of that predicate. 
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~ Unemp_benef(p, o) states that a person p receives an unemployment benefit 
of an amount a. 

— Works(p, c) states that a person p works in a company c. 

— Sick-leave(p) states that a person p leaves from work granted by serious 
illness. 

— Worker(p, c) states that a person p is a worker if he/she works in a company 
c and he/she is not sick-leave. 

It contains also one integrity constraint Ici, stating that it is not possible to 
receive an unemployment benefit and to be a worker at the same time. Key in- 
tegrity constraints are illustrated by underlying key arguments of each predicate 
and state that a person may not have two different unemployment benefits and 
that a person may not work in two different companies. □ 



3 The Augmented Database 

Our method is based on a set of rules that define the difference between two con- 
secutive database states. This set of rules, together with the original database, 
form the Augmented Database A{T>) [16,19], which explicitly defines the inser- 
tions, deletions and modifications induced by an update. 

The definition of the Augmented Database is based on the concept of event. 
For each predicate P in a given deductive database V, an insertion event predi- 
cate iP, a deletion event predicate SP and a modification event predicate pP are 
used to define the precise difference of deducible facts of consecutive database 
states. 

More precisely, rules about iP, 6P and pP in the Augmented Database, 
called event rules, define exactly the facts about P that are inserted, deleted 
or modified in the extension of P by the application of some transaction T. 
Rules about iP, SP and pP depend on the definition of P in T>, but they are 
independent of any transaction T and of the extensional part of T>. 

A more formal declarative definition of iP, SP and pP is given by the fol- 
lowing equivalences^: 

Vfe, x{iP{k, x) P"(fc, x) A -•3yP{k, y)) 

Vfe, x{SP{k, x) P{k, x) A ->3yP^(k, y)) 

Vfe, X, x'{pP{k, X, x') P{k, x) A P'^{k, x') A a; yf x') 

For example, given the derived predicate Worker(p, c), zWorker( Jofen, Cl) de- 
notes an insertion event corresponding to predicate Worker: Worker (Jo/m, Cl) 
will be true after the application of the transaction and it is false before. On the 
other hand SWorker{Mary,C2) denotes a deletion event: Worker(Mary, C2) 
will be false after the application of the transaction and it is true before; while 
pWorker{Peter, Cl, C2) denotes a modification event: Worker(Peter, Cl) is true 

^ Here k, x, x' and y are vectors of variables and P" denotes the evaluation of P in 
the new state of the database. 
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before the application of the transaction and Worker(Peter, (72) will be true in 
the new state. 

If P is a base predicate, iP, SP and iiP facts represent insertions, deletion- 
s and modifications of base facts. Therefore, we assume from now on that a 
transaction T is a set of base event facts. 

If P is a derived predicate, iP, 6P and /iP represent induced insertions, 
deletions and modifications, respectively. If P is an inconsistency predicate, iP 
represents a violation of the corresponding integrity constraint. For inconsistency 
predicates, 5P and /iP facts are not defined, since we assume that the database 
is consistent before the update. 

An event {iP, SP and /iP) is said to be base (resp., derived) iff P is base 
(resp., derived). 

In addition to the event rules, the Augmented Database may also contain 
a set of transition rules associated to each derived or inconsistency predicate 
P. Transition rules of predicate P define predicate P in the new state of the 
database (denoted by P"). 

Example 3.1. Consider a derived predicate P defined by the rule P{k,x) ^ 
Q{k, x) A ~^R{k, x). Transition and event rules associated to predicate P are the 
following: 

P"(fe, x) ^ Q{k, x) A ^SQ{k, x) A ^p.Q{k, x, x') A ^R{k, x) 

A ^iR{k, x) A ^fiR{k, x, x') 

PJ*(fe, x) ^ Q{k, x) A ^SQ{k, x) A ^p.Q{k, x, x') A 6R{k, x) 

Psik, x) ^ Q{k, x) A ^SQ{k, x) A ^p.Q{k, x, x') A p.R{k, x, x') 

P^{k, x) ^ iQ{k, x) A ^R{k, x) A ^iR{k, x) A ^p.R{k, £c', x) 

P^iki ®) ^ ^Qiki ®) 7 SR{k, x) 

Peik, x) ^ tQ{k, x) A fiR{k, X, x') 

Prik, x) ^ tJ-Q{k, x' , x) A ^R{k, x) A ^iR{k, x) A ^fiR{k, x" , x) 

Psiki x) ^ P^Qiki x', x) A 6R{kj x) 

Pg(ki x) ^ t^Qikj x', x) A p.R{k, X, x") 

P^{k,x)^Pf{k,x) (i = l,...,9) 

iP{k, x) ^ P"(fc, x) A -<3yP{k, y) 

6P{k, x) ^ P{k, x) A ^3yP”(fc, y) 

fiP{k, X, x') ^ P{k, x) A P'^{k, X, x') A x =/= x' 

Transition rules define all possible ways of satisfying a derived fact P{K,X) in 
the new state of the database. For instance, the fourth transition rule states that 
P{K,X) will be true in the updated database if Q{K,X) has been inserted by 
the transaction P, R{K,X) is false in the current database, R{K,X) will not 
be inserted by T and no modification from R{K,X') to R{K,X) is given by 
T. Subscripts are only needed to distinguish among several transition rules of a 
derived predicate. □ 
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Description and discussion of the procedure for automatically deriving an Aug- 
mented Database can be found in [19], where several simplifications are proposed. 
We would like to note that in several cases transition rules corresponding to a 
predicate P may be completely removed. In the paper we will use the simplified 
version of transition and event rules. 

Definition 3.1. Given a deductive database T>, the Augmented Database A{D) 
of D consists of D, its transition rules and its event rules. □ 

Example 3.2. Relevant event rules of Example 2.1 are the following^: 



(12) 


zWorker(p, c) 


^ zWorks(p, c) A ^Sick-leave(p) A ^zSick-leave(p) 


(GO) 


lie ^ ilc\{p, 


a,c) 


(Cl) 


ilci{p,a,c) e- 


- Unemp_benef(p, a) A ^(5Unemp_benef(p, a) A 
^Aux2(p, a) A zWorker(p, c) 


(G5) 


llci{p, a, c) e- 


- /iUnemp_benef(p, a', a) A zWorker(p, c) 


(A2) 


Aux2(p, c) <— 


/iUnemp_benef(p, a, a') 



□ 

The event definitions prevent certain event facts to occur simultaneously. That 
is, some event facts are mutually exclusive and they may not be true at the same 
time. This is formalized by the following rules: 

Vfc, X {iP{k, x) ^3y {tP{k, y) Ax ^ y) 

Vfc, X {iP{k, x) -Ay SP{k, y)) 

Vfc, X {tP{k, x) ^3y, y' y,P{k, y, y')) 

Vfc, X {SP{k, x) ->3y iP{k, y)) 

Vfc, X {SP{k, x) ->3y yP{k, x, y)) 

Vfc, X, x' {yP{k, x, x') ~^3y iP{k, y)) 

Vfc, X, x' {yP{k, X, x') -<3y SP{k, y)) 

Vfc, X, x' {yP{k, X, x') -^3y {yP{k, x, y) Ax' ^ y)) 

4 Definition of the Method 

The purpose of our method is to update a deductive database and to enforce, at 
the same time, that no integrity constraint is violated. Given an update request 
that may contain updates of derived facts, our method automatically translates 
it into all possible transactions that, if applied to the database, would satisfy 
the requested update and would guarantee that the integrity constraints remain 
satisfied. 

Definition 4.1. An update request is a conjunction of non-mutually exclusive 
event facts'^. □ 

® The whole Augmented Database of Example 2.1 is given in Appendix A. 

^ The order of the literals in the conjunction is not relevant, since all of them must be 
satisfied. 
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Definition 4.2. A transaction is a set of non-mutually exclusive base event 
facts. □ 



Definition 4.3. Given a deductive database T>, its augmented database 
and an update request u, a translation of m is a transaction Ti such that: 

1. A{V)\JT, h u 

2. A{V)\JT,\t=iIc □ 

The first condition states that the update request is a logical consequence of 
the database updated according to Ti, while the second condition states that no 
integrity constraint will be violated in the updated database since no insertion of 
Ic will be induced by Ti. Note that, since we assume that no integrity constraint 
is violated in T>, ensuring that tie is not induced is sufficient to guarantee that 
no constraint is violated in the updated database. 

Definition 4.4. A translation Ti is a minimal translation if no proper subset 
of Ti is also a translation. □ 

For instance, the request of inserting the fact that Joan is a worker of BP and 
deleting the fact that Bob leaves sick would correspond to the update request 
u = {Worker! Joan , BP) A Sick-leave ( Bob )}. A minimal translation of u is Ti = 
Worker (Joan, BP).dSick-lea,ve( Bob ). JUnemp.beneff Joan , 100)}. 

Given a deductive database T> where no integrity constraint is violated, its 
corresponding augmented database A(T>) and an update request u, our method 
aims at obtaining all minimal translations Ti of u. Each Ti is obtained by having 
some failed SLDNF derivation of A(U)U{^ uA^iIc} succeed. This is achieved 
by including in the translation set Ti each positive base event fact selected during 
the failed derivation. At the end, we have that there is an SLDNF refutation of 
^ u A^ilc by considering A{T>) U Ti as input set. 

Different ways to make failed derivations succeed correspond to the different 
translations Ti of u. If no translation is obtained, it is not possible to satisfy the 
update request by changing only the extensional database. When an integrity 
constraint becomes violated by some update, our method proposes additional 
updates to repair this violation. In contrast, key information is managed through 
the own definition of the method by rejecting those translations that violate some 
key integrity constraint. 



4.1 Example 

The following example illustrates the steps performed by our method to obtain 
the translations that satisfy a given update request. 



® Note that A{V) already includes V. 
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Example 4-.1. Consider again the database of Example 2.1 and its relevant event 
rules given in Example 3.2. Assume that the update z Worker! Ann , UPC) is 
requested. 

Translations that satisfy this request are obtained by having some failed 
derivation of A{T>) U {<— z Worker! Ann . UPC) A ^z/c} succeed. The relevant part 
of this derivation is shown in Figure 1, where selected literals are underlined and 
circled labels are references to the rules of the method defined in Section 4.2. 



iWorker ( Ann , UPC) a -i ilc 

1 ( 12 ) 

<— iWorks ( Ann . UPC) A —I Sick-leave (Ann) a — i iSick-leave (Ann) a — i ilc 

2 



© 



T = {iWorks ( Ann, UPC)} 
I Sick-leave( Ann ) a i S i ck- 1 eave ( Ann ) a -i ilc 

© I' ■ 

< 1 iSick-leave (Ann) a ^ ilc 

n lie 






<— Sick-leave( Ann) 
3.1 



fails 



- fB.2 



iSick-Ieave( Ann ) 

I 

I C = {<— iSick-leave( Ann )} 

fails 



Fig2 



M 



T = {zWorks (Ann, UPC), 5Unemp-benef(Ann, 500)} 



Fig. 1. Derivation tree of Example 4.1 

Step 1 is an SLDNF resolution step. At step 2 the selected literal is 
zWorker! ArzTz . UPC), which is a positive base event. To get a successful deriva- 
tion, we must include it in the input set and use it as input clause. Therefore, it 
is added to the translation set T. Step 3 is again an SLDNF resolution step. 

At step 4 the selected literal is ^zSick-leave( Arm). To get a success for this 
branch zSick- leave! Ann ) must not hold. Then, we have to guarantee that the 
subsidiary tree rooted at <— zSick- leave! Ann ) fails finitely. This corresponds 
to guarantee that the current transaction T = izWorksl Azzzz . UPC)} does not 
contain an insertion of Sick-leave(Arm). 

The subsidiary derivation is shown in the box enclosed to step 4. To ensure 
failure of this derivation we must guarantee that zSick-leave! Ann 1 will not be 
included into T later on during the derivation process. This is achieved by means 
of an auxiliary set C that contains conditions to be satisfied during the whole 
derivation process. These conditions correspond to some of the goals reached in 
the subsidiary derivations, as shown at step 4.1 of Figure 1 where the condition 
<— zSick- leave! Ann ) is included in C. Hence, before adding a base event to T we 
must guarantee that it does not falsify any of the conditions of C. 
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At step 5 the selected literal is -~ilc and, as before, we must proceed with 
the corresponding subsidiary derivation to guarantee that ^ tie fails finitely. 
This corresponds, in this case, to enforce that the resulting transaction does not 
violate any integrity constraint. In Figure 2 we show how our method enforces 
the failure of this subsidiary tree. We only show one branch of the derivation 
because the other branches fail finitely without modifying the translation set. 



©" 



Uc 



5.1 (CO) 



Ucl(|^, a,c) 



5.2 (Cl) 

Unemp-benefi^, a) A 6Unemp-benef(2, a)-^"' Auk 2(£, a) a tWorker(^ c) 

5.3 (FI) 

^ 6Unemp-benefr Ann. 500) a"* Aux2f' Am. 500) a iWorker( Aiin. c) 



© 



5.4 (12) 



* 6Unemp-benef(Ami 500) a "* Aux2(Arsi 500) a iWorks^^ Aiui. c) 

A"* Sick-leavef^ Annl a"* t.Sick-leave(Aru^ 

5.5 

C = C fiUnemp-benefr Ann. 500) a...} 

* SUnemp-benefr Ann. 500) A"* Aux2i^ Ann- 500) a Sick-leave (Amt) a 
■* i.Sick-leave(Ann) 

(b^ 

* &Uiiemp -b enef YAint . 500 ) a "* Aux2r Ann- 500) a “• tSi ck-1 e avef' Arm^ 
5.7 



fails 



■ &U nemp -b eitef fAitn . 500^1 



i] 



5.7.1 

T = T { 5 U nemp-b enef rAnn. 500)} 



Fig. 2. Subsidiary tree for step 5 

Steps 5.1, 5.2, 5.3, 5.4 and 5.6 are SLDNF resolution steps where A{T>) acts 
as input set. Step 5.5 is an SLDNF resolution step where T acts as input set, 
but the current goal is also included into C to ensure that it will remain falsified 
during the whole derivation process. 

At step 5.7, we make the current goal to fail by considering the base event fact 
i5Unemp_benef( Ann , 500) . This is achieved by means of a subsidiary derivation 
that behaves as the initial one, which ends up with the inclusion of 
i5Unemp_beneff Ann . 500) to T after verifying that the new translation set does 
not falsify any of the conditions in C (see step 5.7.1). Note that, in fact that 
(5Unemp_beneff Ann . 500) is a repair required to satisfy Ic\ which is violated by 
the current transaction T = I z Works ( Ann , UPC)}. 
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After this step, the subsidiary derivation rooted at ^ ilc fails finitely. Then, 
the initial derivation of Figure 1 succeeds and the translation process is finished 
obtaining the translation T = IzWorksf Ann , UPC). (5Unemp_benef(Ann, 500)}, 
which satisfies the original update request and preserves database consistency. 

Two additional alternatives exist to force the failure of the derivation of 
Figure 2, by selecting any of the remaining literals at step 5.7. Although these 
derivations are not shown in the above figure, neither of them leads to other 
possible translations. Our method detects these situations because it determines 
that the base event facts to be included into T contradict some condition in 
C. □ 

4.2 Formalization of the Method 

As shown in the previous example, our method is an interleaving of two activities: 
satisfying the update request by including base event facts into the translation 
T ; and ensuring that the updates induced by these events are not contradictory 
with the requested update nor with the integrity constraints. These two activ- 
ities are performed, respectively, during the Constructive and the Consistency 
Derivation, as defined below. 

Let u be an update request. A transaction T is a translation of u if there is a 
Constructive Derivation from u/\^ilc%%) to ([] T C). Positive base events 
selected during this derivation are included in T, since they correspond to the 
updates needed to satisfy u, while other positive literals correspond to database 
queries. Consistency of the negative literals ^Lj selected during a constructive 
derivation is provided by considering a subsidiary Consistency Derivation from 

L,}TC) to {{} r C). 

To define these derivations, we need to introduce the following conventions: 

— Given a goal Gi of the form ^ Li A • • • A Lk, Gi\Lj refers to the goal 
obtained by removing the literal Lj from Gi. Notice that if Gi =<— Lj, then 

gaLj = []. 

— In a consistency derivation, Fi = {Hi} U F{ refers to the set of goals to be 
falsified, with Hi corresponding to the goal considered in the current branch. 

Constructive Derivation. A Constructive Derivation from (Gi T\ Gi) to 

(G„ T„ Cn) via a safe selection rule i? is a sequence (Gi Ti Gi), (G 2 T 2 G 2 ), . . . , 
(G„ T„ Cn) such that for for each i = 1, . . . ,n Gi has the form ^ Li A • • • A Lk, 
where R{Gi) = Lj and (G^+i Ti+i Gj+i) is obtained according to one of the 
following rules: 

Al) If Lj is positive and it is not a base event, then G^+i = S, Ti+i = Ti and 
Gi+i = Gi, where S corresponds to: 

— if Lj is a ground evaluable predicate that evaluates to true, then S = 

Gi\Lj; 

— if it is not an evaluable predicate, then S is the resolvent of some clause 
in A{D) with Gi on the selected literal Lj. 
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A2) If Lj is a positive base event and there is a substitution ct® such that 
A21) if Lj(7 G Ti, then G^+i = Gi\LjU, = Ti and = Ci. 

A22) if LjU ^ Ti and 

1. Lj = iP{k, x) and Sy iP{ka, y) G Ti and ~^3z P{ka, z) holds in T> 

2. Lj = SP{k, x) and -<3x' yP{ka, xa, x') G Ti and fact P{k, x)a holds 
in T> 

3. Lj = y,P{k,x,x'), 5P{k,x)a ^ Ti, ^3y' y,P{kcj,xa,y') G Ti, (x yf 
x')a and fact P{k,x)a holds in T> 

IfCi = Qi, Qk, ... ,^ Qn} and there exist consistency deriva- 
tions 



from {{^Qi}TiU{L,a}a) to {{} T^ C^), ..., 

from ({^ Q„} to ({} T" G”) 

then G*+i = G,\Lja, T^+i = T” and G*+i = G”. 

Notice that if Gi = 0, then Gi+i = Gi\Lj(j, T^+i = U {Lja} and 

G,+i = Gi. 

A3) If Lj is a negative literal and there exist a consistency derivation from 
({^ -L,} T, Gi) to ({} r G'), then G,+i = G,\Lj, T,+i = V and G,+i = 
C. 

Step A1 is an SLDNF resolution step where A{V) acts as input set. 

Step A2 deals with base event literals. In particular, A21 deals with an event 
that already belongs to Ti and it corresponds to an SLDNF resolution step with 
input set Ti. In A22 base event facts are included in Ti, when this inclusion does 
not contradict mutually exclusiveness of events, the event definition nor any 
of the conditions Ci already included in G. This may cause, in some cases, new 
inclusions into Ti. If the selected base event is not ground, it must be instantiated 
by considering possible values. In general, there exist as many alternatives as 
possible ways to instantiate the selected event. 

Step A3 ensures the consistency of the selected literal by considering a cor- 
responding consistency derivation for that literal. Again, new events can be 
included in Ti as a result of this subsidiary derivation. 

Consistency Derivation. A consistency derivation from (F’l T\ Gi) to {Fn T„ G„) 
via a safe selection rule i? is a sequence (Fi T\ C\), {F^ T2 G2), . . . , {Fn T„ G„) 
such that for each i = 1 , . . . ,n, if Hi =<— Li A ■ ■ ■ A Lk and if Fi has the form 
{Hi} U F{, where R{Hi) = Lj for some j = 1, . . . , fc, then (Fi+i G^+i) is 
obtained according to one of the following rules: 

Bl) If Lj IS positive and it is not a base event, then Fij.\ — S LJ F ^ , Tij.\ — T^ 
and Ci+i = Ci, where S' corresponds to: if Lj is an evaluable predicate that 
evaluates to true and A: > 1, then S' = {Hi\Lj}, but if it evaluates to false, 
then S' = 0; if Lj is not evaluable, then S' corresponds to the set of all 
resolvents of clauses in A{D) with Hi on the selected literal Lj, if [] ^ S' . 



Note that if the literal Lj is ground, the substitution a corresponds to the identity 
substitution. 
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B2) If Lj is a positive base event, S' corresponds to the set of all resolvents of 
clauses in Ti with Hi on the selected literal Lj. If [] ^ S", then = S'UFl 
and Ti+i = T^. If S" = 0 or Lj is not ground then Ci+i = CiU{Hi}, otherwise 

a+i = a. 

B3) If Lj is a negative literal and ^Lj is not a base event, then if /c > 1 and 
there exist a consistency derivation from ({^ ^Lj} Ti Ci) to ({} T' C), 
then F,+i = {H,\Lj} U F', T,+i = T' and Q+i = C'. 

B4) If Lj is a negative base event and if ^Lj ^ Ti and A: > 1, then = 
{H,\L,} U F', T,+i = T, and C\+i = C\. 

B5) If Lj is a negative literal, then if there exist a constructive derivation from 
-L, T, a) to (0 r C), then F,+i = F', T,+i = T' and Q+i = C . 

Step B1 is an SLDNF resolution step where A{V) acts as input set. 

Step B2 corresponds to an SLDNF resolution step with the input set Ti, but 
it may require the addition of the current goal to Ci, if the selected literal is a 
non-ground base event or if it does not belong to Ti. This is required to ensure 
that this derivation will not be succeeded by new inclusions into Ti. 

Steps B3 and B4 permit to continue with the current branch by ensuring 
that the selected literal Lj is consistent with respect to Ti and Ci. 

Step B5 falsifies the current branch by satisfying the literal ~^Lj through a 
constructive derivation. 

Consistency derivations do not depend on the particular order in which lit- 
erals are selected because, in general, it is necessary to explore all possible ways 
to falsify a goal Hi since each of them could lead to a different translation. 

4.3 Soundness of the Method 

Our method is sound in the sense that, given a deductive base T> and the aug- 
mented database A{T>), if the method obtains a translation T for an update 
request u, then the application of T to I? leaves the database in a state I?" 
such that u holds and all the integrity constraints are satisfied. Soundness of our 
method is based on the following Lemma. 

Lemma 4.1. Let V be a deduetive database, A(T>) the augmented database, u 
an update request and T a translation obtained by our method. Then, there exists 
an SLDNF refutation of A(V) U T U u A ~^ilc}. □ 

Lemma 4.1 relates the constructive derivation from u A ~^ilc 0 0) to ([] T C) 
of our method to an SLDNF refutation of A{T>) U T U u A ^z/c}. Given 
that SLDNF resolution has been proved sound [4], then the following theorem 
follows. 

Theorem 4.1 (Soundness of the method). 

Let V be a deductive database, A(fD) the augmented database, u an update 
request, such that u is not a logical consequence of comp{A(fD)). Let T be a 
translation obtained by our method. Then, u A ~^tlc is a logical consequence of 
comp{A{'D) U T). □ 
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Soundness of our method ensures that if there exists a constructive derivation 
from u A -<ilc 0 0) to ([] T C), then the database updated according to the 
translation T satisfies the request and does not violate any integrity constraint. 
The technical proof is presented in Appendix B. 



5 Comparison with Previous Work 

We compare our method with previous ones proposed to deal with view updat- 
ing and integrity constraint maintenance. We show first the main extensions of 
our method with regards to our precursor, the Events Method and we provide 
afterwards a comparison with the rest of the proposals. 



5.1 Comparison with the Events Method 

The method proposed in this paper extends the Events Method [17] along two 
different directions. First, by introducing the modification as a new basic update 
operator in addition to the insertion and to the deletion. Second, by considering 
key integrity constraints implicitly into the own definition of the method. The 
main differences provided by these features are the following: 

Basic update operators. We have incorporated the modification as a new basic 
update operator. In contrast, the Events Method handles a modification as a 
deletion followed by an insertion. Incorporating that new basic update operator 
has caused some changes on the semantics of previous basic update operators. 
That is, the meaning of insertion and deletion events is not the same in the 
Events Method than in our method. 

Example 5.1. Consider the following deductive database where R and Q are 
base predicates, P is a derived predicate, and the attribute x is the key of P, R 
and Q. 



R{1,2) 

g(l,3) 

P{x, y) ^ R{x, y) A ^Q{x, y) 

An update request to add the fact Q(3,4) to the EDB would correspond to an 
event zQ(3,4) in both methods. The same occurs with a request for removing 
the fact i?(l,2), that corresponds to the event i5i?(l,2). However, a request for 
adding the fact i?(l,3) would correspond to an insertion event zi?(l,3) in the 
Events Method but it would be a modification event 2, 3) in our method. 

This difference is motivated by taking into account the information provided by 
the keys of base and derived predicates in the definition of the event predicates. 

□ 
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Minimal translations. Considering a modification as a new basic update causes 
also some differences with respect to the minimal translations obtained by our 
method and by the Events Method. In both cases, a translation T is considered 
to be minimal, if no proper subset of T is itself a translation. Then, and due to 
the modification event, a minimal translation in our method may not be consid- 
ered minimal in the Events Method. For this reason, the number of translations 
obtained may differ in some cases. 

For example, assume that we have obtained two translations T\ = {5P{A, 1)} 
and T 2 = {trP{A, 1, 3)}. As no proper subset of T\ nor T 2 is itself a translation, 
both are considered minimal in our method. 

In the Events Method, these two translations correspond to Ti = {5P{A, 1)} 
and T 2 = {5P{A, 1), iP{A, 3)}. In this case, T 2 is not minimal, because there is 
a subset of it (Ti) that is itself a translation. Then the Events Method would 
only generate the translation Ti = {SP{A, 1)}. 

Maintenance of key integrity constraints. The Events Method does not consider 
the concept of key of a predicate. Therefore, to state that a certain attribute 
corresponds to the key of a predicate, key integrity constraints must be defined 
explicitly. 

Having to define key integrity constraints explicitly increases significantly the 
number of constraints in the database. Moreover, this method cannot take ad- 
vantage of the particular semantics of these constraints since it does not provide 
an specific treatment for them. In contrast, we do not need to define key integrity 
constraint and their treatment is specifically performed by the own definition of 
the method. 

5.2 Comparison with Other Relevant Work 

[17] already provides an exhaustive comparison and a clear illustration of the 
main drawbacks of methods proposed up to then (namely, [6,9,10]). Therefore, 
we will compare only with those methods that are not covered by [17]. This 
section is aimed at illustrating several drawbacks of these methods by means of 
examples. 

We would like to remark first that none of these methods deals with modi- 
fications as a basic update operator. That is, they consider only insertions and 
deletions. Moreover, they do not take into account the information about the keys 
of the predicates and, then, they do not include maintenance of key constraints 
in the management of updates during the translation process. The differences 
provided by these features have already been illustrated in Section 5.1. 

Wiithrich’s Method [20]. This method presents two main limitations: 

— There exist translations that are not obtained by the method: Wiithrich’s 
method implicitly assumes that there is an ordering to deal with the de- 
ductive rules and integrity constraints involved in the update request that 
would lead to the generation of a translation. However, this ordering does 
not always exist. 
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Example 5.2. Given the request insert (Edge (yl, C)) on the following database: 



Node(A) 

Node(B) 

Ici ^ Node(x) A ->3yEdge{x,y) 
Ic 3 ^ Edge{x,y) A ^Node(a:) 



Edge(^,S) 

Edge{B,A) 

Ic 2 ^ Node(a;) A ^3zEdge(2, x) 
Jc 4 ^ Edge(x, y) A Node(?/) 



Wiithrich’s method does not obtain any translation to the request, while we 
obtain the translation 



T = {iEdge(Al, C), zNode(C), zEdge(C, D), zNode(D), zEdge(Z?, B)} . 

□ 



~ Non-generation of Minimal Translations: Wiithrich’s method does not nec- 
essarily generate minimal translations, because it does not check, whether 
a base fact is already present in the EDB when suggesting to insert or to 
delete it. 



Example 5.3. Given the following database and an update request to 
insert(P(Al)): 

S{A,B) 

P{x) ^ Q{x) A R{x) 

R{x) ^ S{x,y) 

Wiithrich’s method could obtain only the non-minimal translation 

T = { insert (Q(4l)), insert(S'(^, C))} . 

In contrast, we would always obtain the minimal translation T = {iQ(A)}. 

□ 



Console, Sapino and Theseider’s Method [5]. This method presents one impor- 
tant limitation: 

~ Restrictions on the Integrity Constraints: this method can only handle flat 
integrity constraints, i.e. constraints defined in terms of base predicates only. 
Moreover, it considers also two additional restrictions: constraints must be 
in denial form and must have at most two literals in the body or either they 
must be (non-cyclic) referential integrity constraints. Those are important 
restrictions to the expressive power of the integrity constraints they can 
handle. 
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Loho and Trajcevsky’s Method [13]. This method presents two main drawbacks: 

— Restrictions on the Integrity Constraints: it requires the set of constraints 
to be resolution complete. That is, it must not be possible to derive new 
(implicit) integrity constraints from a given set of integrity constraints. For 
instance, constraints Ic\ ^ Q{x) A ~^R{x) and Ic 2 ^ R{x) A S{x) are not 
resolution complete, since a third integrity constraint can be deduced from 
them: Ic^ ^ Q{x) A S{x). The problem is that, as far as we know, there 
is no mechanism to derive sets of integrity constraints that are resolution 
complete. 

~ Invalid Translations: it may obtain translations that do not satisfy the re- 
quest: 

Example 5. 4- Given the following database and an update request to 
insert(Q(i3, 2)): 

S{A,1) 

Q{x,y) A S{x,y) 

S{x,y) A ^T{y) 

This method would obtain two translations: Ti = delete(S'(^, 1)), 
insert(S'(i3, 2))} and T 2 = {insert(T(l)), insert(S'(i3, 2))}. However, none of 
them satisfies the requested update, since insert(S'(i?, 2)) induces P and, 
hence, it falsifies insert(Q(i3, 2)). In contrast, there exist two correct trans- 
lations that our method obtains: Ti = 1), 2), zT(2)} and T 2 = 

{iT{l),iS{B, 2),iT{2)} and that are not obtained by Lobo and Trajcevsky’s 
method. □ 

Decker’s Method [7]. The main limitation of this method is that it cannot man- 
age appropriately update requests that involve rules with existential variables. 
The reason is that its derivations flounder when a literal corresponding to a 
non-ground base predicate is selected, thus impeding to reach the empty clause. 

For example, this method does not obtain any translation to the update 
request insert(P) in a database with only one rule: P <— S{x). Nevertheless, in 
our method, there exist as many translations as possible values of x for which 
S{x) is not true can be inserted. 

Moreover, this method does not always take into account base facts during the 
translation process. Therefore, this method may not obtain correct translations 
since it flounders because it does not take the EDB into account. For instance, 
consider the update request to insert(P) in a database: 

R{A,B) 

P ^ Q{A) 

Ici ^ Q{x) A R{x, y) A ~^S{y) 

Decker’s method is not able to obtain any translation to insert (P). However, 
there exist two translations Ti = {iQ{A),5R{A, B)} and T 2 = {iQ{A),iS{B)}, 
and both are obtained by our method. 
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6 Conclusions and Further Work 

We have proposed a new method for view updating and integrity constrain- 
t maintenance. Our method considers three basic update operators: insertions, 
deletions and modifications on base and derived predicates. Moreover, informa- 
tion about the keys of the database predicates is taken into account by the own 
definition of the method. We have proven soundness of our method and we have 
compared it with previous proposals showing by means of examples that we are 
able to deal with certain situations the others cannot handle appropriately. 

We have not considered the computational cost required in the general case to 
obtain all minimal translations since our aim has been to provide a method that 
extends the functionalities of the previous ones. However, it is obvious that this 
approach may not be efficient enough in some applications. Therefore, further 
work is required to provide efficient methods for view updating and integrity 
constraint maintenance. 
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Appendix A Augmented Database of Example 2.1 

This appendix shows the whole content of the Augmented Database A{'D) of 
Example 2.1, after applying the simplifications proposed in [19]. 



(FI) 


Unemp_benef(Ann, 500) 


(F2) 


Unemo -benef( Joan. 100) 


(F3) 


Sick-leave (Ro6) 


(Rl) 


Worker(p, c) < 


— Works(p, c) A ^ Sick-leave (p) 


(R2) 


/ci(p, a,c) ^ 


Unemp_benef(p, a) A ^Worker(p, c) 


(11) 


zWorker(p, c) 


^ Works(p, c) A 






^(5Works(p, c) A ^Auxl(p, c) A (5Sick- leave (p) 


(12) 


zWorker(p, c) 


^ zWorks(p, c) A ^Sick-leave(p) A ^zSick-leave(p) 


(13) 


zWorker(p, c) 


^ zWorks(p, c) A liSick- leave (p) 


(14) 


zWorker(p, c) 


^ pWorks(p, c', c) A i5Sick-leave(p) 


(Dl) 


<5Worker(p, c) 


^ (5Works(p, c) A ^ Sick-leave (p) 


(D2) 


(5Worker(p, c) 


^ Works(p, c) A zSick-leave(p) 


(Ml) 


^Worker(p, c. 


c') ^ pWorks(p, c, c') A ^ Sick-leave (p) A ^zSick-leave(p) 


(CO) 


tic <— ilc\{p, 


a,c) 


(Cl) 


z/ci(p,a, c) e- 


- Unemp_benef(p, a) A^i5Unemp_benef(p, a) A^Aux2(p, a 






zWorker(p, c) 


(C2) 


tlci{p,a,c) e- 


- zUnemp_benef(p, a) A Worker(p, c) A ^(5Worker(p, c) A 



^Aux3(p, c) 
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(C3) ilci (p, a, c) <— zUnemp_benef(p, a) A zWorker(p, c) 

(C4) z/ci(p, a, c) <— zUnemp_benef(p, a) A pWorker(p, c', c) 

(C5) z/ci (p, a, c) <— /iUnemp_benef(p, a', a) A zWorker(p, c) 

(Al) Auxl(p, c) ^ pWorks(p, c, c') 

(A2) Aux2(p, o) ^ /iUnemp_benef(p, a, a') 

(A3) Aux3(p, c) ^ pWorker(p, c, c') 

Appendix B Soundness of the Method 

In this appendix we prove the soundness of our method. First of all, we have to 
define the concepts of constructive and consistency derivations of level k'^. 

Definition B.l. Let G he a goal, T and T' translation sets and C and C 
condition sets. A consistency derivation of level 0 from ({G} T G) to ({} T' C') 
is a consistency derivation that does not call any constructive derivation nor any 
consistency derivation. □ 



Definition B.2. Let G be a goal, T and T' translation sets and G and G' 
condition sets. A constructive derivation of level 0 from (G T G) to ([] T' G') 
is a constructive derivation that does not call any consistency derivation, or it 
calls only consistency derivations of level 0. □ 



Definition B.3. Let G be a goal, T and T' translation sets and G and C' con- 
dition sets. A consistency derivation of level k-\-l from ({G} T G) to ({} T' G') 
is a consistency derivation that calls some constructive or consistency derivation 
of level k. □ 



Definition B.4. Let G be a goal, T and T' translation sets and G and G' 
condition sets. A constructive derivation of level /c + l from (G T G) to ([] T' G') 
is a constructive derivation that calls some consistency derivation of level k. □ 

Let u be an update request. Lemma 4.1 states that there exists an SLDNF 
refutation of A{T>) U T U u A ~^iLc} for every translation T obtained by our 
method. 

Lemma 4.1. Let V he a deductive database, A(fD) the augmented database, u 
an update request and T a translation obtained by our method. Then, there exists 
an SLDNF refutation of A{V) U T U u A ^z/c}. 

^ Note that the concept of level is different from the concept of rank of SLDNF deriva- 
tion defined by Lloyd [11]. 
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Proof. We have to prove that the steps in the above constructive derivation and 
the subsidiary consistency derivations correspond to SLDNF resolution steps, 
where clauses of A{T>) U T act as input clauses. This proof is performed by 
induction on the level k of these derivations. 

Let G be a goal, T and T' translation sets and C and C condition sets. We 
first prove that a consistency derivation corresponds to a finitely failed SLD- 
NF tree. This result is used afterwards to prove that a constructive derivation 
corresponds to an SLDNF refutation. Let k = 0. 

a) Let GS” be a consistency derivation of level 0 from ({G} T G) to ({} T' C). 
Then, the SLDNF derivation tree of A{T)) U T' U {G} fails finitely®. It cor- 
responds to the failure of goal G. 

— Step B1 corresponds to a SLDNF resolution step with input set A{V). 
— Steps B2 and B4 correspond to SLDNF resolution steps with input set 
T = T'. 

— Steps B3 and B5 are not applicable for fc = 0. 

b) Let GT be a constructive derivation of level 0 from (G T C) to ([] T' C). 
Then, there exists an SLDNF refutation of A{V) U T' U {G}. We distinguish 
two cases: 

1. No consistency derivation is called: 

— Step A1 corresponds to a SLDNF resolution step with input set 

A{V). 

— Step A21 corresponds to a SLDNF resolution step with input set 
T' = T. 

In Step A22 a ground event Lj could be included to T (T' = T U 
{Lja}) and no consistency derivation is called (G = 0). Therefore, 
step A2 corresponds to an SLDNF resolution step with input set T' . 
— Step A3 is not applicable in this case. 

2. Some consistency derivation of level 0 is called: 

— Step A1 corresponds to a SLDNF resolution step with input set 

A{V). 

— Step A21 corresponds to a SLDNF resolution step with input set 
T' = T. 

In step A22, a ground event Lj could be included to T, and so, a 
consistency derivation of level 0 is called from (G T U {Lja} C) to 
({} T' C). We will get a new goal in the constructive derivation if 
there exists the above consistency derivation. The consistency deriva- 
tion corresponds to the negation as failure of G with respect to the 
new input clause LjU. Previous failure of G with respect to T is not 
altered. Therefore, step A2 correspond to a SLDNF resolution step 
with input set T' . 



When G is a set of n > 1 goals, the root of the tree is an implicit goal ^ F with n 
decendant branches, one for each goal Hi in G. 
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— In step A3 it is checked that a consistency derivation of level 0 exists 
from ({^ ^Lj} T C) to ({} T' C'), that is, the failure of ^Lj is 
checked. This corresponds to a negation as failure rule and, therefore, 
step A3 is a SLDNF resolution step. 

Since the base case has been proved, we now assume that the result is true for 
derivations of level k. Now, we are going to prove that the Lemma 4.1 also holds 
for derivations of level k + 1. 

c) Let CS be a consistency derivation of level fc+1 from ({G} T C) to ({} T' C). 

Then, the SLDNF derivation tree of A{T>) U T' U {G} fails finitely®. 

— Step B1 corresponds to a SLDNF resolution step with input set A{V). 

— Step B2 corresponds to a SLDNF resolution step with input set T' . 
Failure of goal G is ensured: 

• for events that belong to T by the own definition of this step. 

• for those base events that will be included into T after this step 
(r' — T). These events will be included in a constructive derivation 
of level k (step A2). The goal G is included to set G, and therefore, 
its failure will be ensured by the consistency derivation of step A2. 

— Step B3 corresponds to a SLDNF resolution step with the input set 
A(V) U T' . By induction, the SLDNF derivation tree of A{T)) U T' U 
fails finitely, since a consistency derivation of level k is called. 

— Step B4 corresponds to a SLDNF resolution step with input set T. 

— Step B5 corresponds to a SLDNF resolution step with the input set 
A{T>)UT' . By induction, there exists a refutation of A(T>)UT'U{^ ^Lj}, 
since a constructive derivation of level k is called. 

d) Let CT be a constructive derivation of level fc+1 from (G T C) to ([] T' C). 

Then, there exists an SLDNF refutation of A{T>) U T' U {G}. 

— Step A1 corresponds to a SLDNF resolution step with input set A{'D). 

— Step A21 corresponds to a SLDNF resolution step with input set T = T' . 
In step A22, a ground event Lj could be included to T, and so, a con- 
sistency derivation of level fc + 1 is called from (G T U {Ljcr} G) to 
({} T' C). We will get a new goal in the constructive derivation if there 
exists this consistency derivation. As we have proved in c), the consis- 
tency derivation of level fc + 1 or below corresponds to the negation as 
failure of G with respect to the new input clause LjU. Previous failure 
of G with respect to T is not altered. Therefore, step A2 correspond to 
a SLDNF resolution step with input set T' . 

— In step A3, it is checked that a consistency derivation of level fc+1 exists 
from ({^ ~^Lj} T C) to ({} T' C'), that is, the failure of is checked. 
This corresponds to a negation as failure rule and, therefore, step A3 is 
a SLDNF resolution step. □ 

Theorem 4.1 (Soundness of the method). Let T> be a deductive database, 
A(T>) the augmented database, u an update request, such that u is not a logical 
consequence of comp{A(T>)). Let T be a translation obtained by our method. 
Then, u A ~^iLc is a logical consequence of comp{A{'D) U T). 
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Proof. Lemma 4.1 states that there exists an SLDNF refutation of A{'D)UTU{^ 
uA^iIc} if there exists a constructive derivation from uA^iIc 0 0) to ([] T C). 

By the soundness of the SLDNF resolution, the existence of the SLDNF 
refutation of A{T>)LlTU{^ uA^tlc} ensures that uA^iIc is a logical consequence 
of comp(A(I?) U T). □ 
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Abstract. In this investigation we discuss how to improve the quality 
of decision trees, one of the classification techniques in compensation for 
small loss of amount of information. To do that, we assume a semantic 
hierarchy among classes which is ignored in conventional stories. The 
basic idea comes from relaxing class membership by using the hierarchy 
and we explore how to preserve the precision of classification in a sense 
of entropy. 

Content Areas - Machine Learning, AI in Databases, AI in Data Mining 



1 Motivation 

Knowledge acquisition from databases is a technique by which we can obtain 
useful information that we didn’t have found before. If the intensional informa- 
tion of databases (i.e., schemes) are utilized, the process is called classification 
because the intents of the inputs are defined in advance. A decision tree is one of 
the classification techniques[16,17]. To classify input, we will specify a collection 
of classes, class membership criteria, attributes to be examined and training da- 
ta. The tree is a set of conditions to classify input into classes. The technique 
has many advantages. First we don’t need no domain knowledge thus we have 
the wider applicability. This also leads to efficient generation of the trees. In 
fact, no back tracking is needed and it takes polynomial time with respect to 
the number of attributes and inputs. The result is best optimized in a sense 
of entropy of class membership. It is worth noting that the issue to obtain the 
smallest decision trees is NP-hard. 

On the other hand, no background knowledge such as concept hierarchy 
is utilized and sometimes it may cause overfitting trees[2]. That is, we would 
generate wide-spread trees to reason all the training data but we might make 
wrong classification to the total data, because such classification process would 
become slow, incorrect, less useful and hard to maintain tasks. 

In this work, we propose a new classification methodology. Compared to 
conventional processes of decision tree generation, our new decision tree algo- 
rithm differs from the ones since we heavily utilize the background knowledge 
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of databases. First, we like useful trees in a sense that we could interpret it by 
means of some concepts of our interests without losing generality. On the other 
hand, we try to avoid wide-spread trees as we said. In this investigation, we pose 
some conditions on the structure of decision trees such as the number of nodes 
or height of the trees. Secondly, the result trees may not be optimal compared 
to the original theory but still keeps the allowable entropy. Finally the trees may 
be generated in a back-tracking manner but we try to avoid the duplicate cal- 
culation. To obtain our goals, we discuss rather tough ideas. That is, we revisit 
the input and may change the values or class membership dynamically. 

In this work, section 2 contains some definitions and some discussion of deci- 
sion trees. In section 3, we reexamine notion of entropy for decision trees under 
the new environment. We discuss our relaxation technique in section 4. Section 
5 contains some experimental results. After discussing some related works in the 
next section, we conclude our work in section 7. 

2 Definitions 

In this investigation, we assume objects (or entities) and classes as primitive 
concepts where an object means a thing in the world of interests and a class its 
intension. Every object belongs to some classes. Also we use a notion of attribute 
to stress a role of a class, but its value is an object. Given a class c, we denote 
a collection of objects of a class c by F(c). In this investigation we discuss table 
data T as our testing vehicles : 





(A,. 


.. A„:C\ 




/ A:C\ 


T = 


a[ . 


.. a(,:ci 


= 


ti : Cl 




U? • 


■ • a^:cfc j 




\ ■ Cfc J 



Implicitly each row means an object and tj describes a collection of the char- 
acteristic values over a set A of attributes Ai,i = 1, ..,n, C = {c\, ..,Cq}{q < k) 
means which class an object belongs to. For simplicity we assume A and C are 
disjoint. 

We say ci ISA C 2 for two classes ci, C 2 , if we have a constraint T'(ci) C r{c 2 ), 
and a class hierarchy is a set of ISA where every class has just one parent with 
one exception @E that means an object class as a very top, and we assume every 
class appears in the hierarchy. The hierarchy is called single if F(c) H F(c') yf (j) 
means c ISA c' or d ISA c, i.e., F(c) C T(c') or T(c') C F(c). In the following, 
we assume a single class hierarchy. 

A table T is called consistent, if there are duplicate rows of different classes 
c and d, then c ISA d or d ISA c holds. In this work, we assume all the tables 
are consistent. The readers have to note that such rows have been considered as 
noises in traditional approach of decision trees. 

Example 2.1. Our running example comes from C4.5 book[17] but slightly mod- 
ified. There are 3 attributes and 3 classes: Weather, Temperature, WindForce 
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are attributes by which we decide whether some horse races are held (Held), 
partially held{Half) or not (No). The readers might see duplicate rows of differ- 
ent classes^. We have 60 possible combination of attribute values but only 13 of 
them appear in 14 rows: 



Weather Temperature 


WindForce 


RaceC ondition 


Fine 


Medium 


Windy 


Held 


Fine 


High 


V eryWindy 


Half 


Fine 


Very High 


Windless 


No 


Fine 


Low 


Breeze 


Half 


Fine 


Low 


Breeze 


Held 


Cloudy 


Low 


Windy 


Held 


Cloudy 


High 


Breeze 


Held 


Cloudy 


High 


V eryWindy 


Half 


Cloudy 


Low 


Windless 


Held 


Rainy 


Low 


Windy 


No 


Rainy 


Very Low 


V eryWindy 


No 


Rainy 


Medium 


Windless 


Held 


Rainy 


Low 


Windless 


Held 


Rainy 


Low 


Breeze 


Half 



□ 



Classification has been targeted not only for classifying objects correctly into 
one of the clases but also for developing how to do that, because this could make 
clear what the objects mean. In our story, the classification consists of a set of 
conditions «i, where ai determines a class in such a way that all the rows 
in T satisfying ai belong to the class, the set of rows is denoted by Ti = ai{T). 
Each ai is described as the conjunction of elementary form of Ai = ”oj” and all 
the T is covered exclusively by «i V ... V ak- 

A special attention has been paid on the tree form of the classification, called 
decision trees. Each node corresponds to a branching process, each branch to a 
condition Ai = ” aC where ai is an attribute value on Ai and every path from the 
root to the leaf makes aj. Branches are generated on an attribute A according 
to the set of attribute values over A until all the rows satisfying these conditions 
belong to an identical class. 

Induction of decision trees can be made by the following algorithm DT(S', AT, 
AL) where S means a set of rows, AT a set of attributes and AL a set of 
conditions. A table T is given as an input over a set of attributes A\, .., A„, but 
in this case, all the classes ci, .., Cq in T are assumed disjoint, i.e., there is no c, d 
such that T{c) n T{d) yf f. We start the algorithm with DT(T, {Ai, .., A„}, ^). 
If it terminates successfully, we get the tree conditions and the corresponding 
classes of the paths ai{di), ...,ak{dk). 

(1) If all the rows in S belong to an identical class d, we return AL{d) 
successfully. 

(2) Assume otherwise. Select an attribute A G AT, and 

(2.1) Make grouping of S' on A into Si,..,S„. Each Sj is generated by 
the condition A = ’’oj” to S. 

(2.2) For each Sj, do DT{Sj,AT — {A}, AL U {A = ”ay”}) in a recursive 
manner. 

But, they are consistent as described later. 



1 
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(2.3) Collect all the results as ALi{di) V .. V AL^idw)- If some Sj fails, 
we regard the result as distinct undefined class. 

(3) If AT is empty, return fail. 

Conventional story says that the step (2.1) could be replaced by most of the 
rows belong to a class, in other words, noises are allowed. The step (2.3) also 
might be considered as gray zone and the classification might be inherited from 
the parent. However which attributes should be selected at the step (2) above ? 

To select attributes, the original approach has been proposed based on the- 
ory of entropy, i.e., probabilistic prediction, though several extensions adopt 
other probabilistic strategies such as GINI found in the theory of binary deci- 
sion trees [17]. This is the point of decision trees by which we can obtain effective 
and much efficient results without inspecting the input many times. 

The scenario of the selection is as below : In the input S of n rows, we assume 
there exist Uj rows of the class Cj , uniformly distributed probability pj = njjn 
of the class membership of Cj, and n = n\ + + Uq,ni > 0. The value log 2 (l/pj) 
is called amount of information of the class membership, and we define E{S), 
called entropy, as the expected amount of information: 

E{S) = SjPj l0g2(l/Pj) = -SjPj l0g2 Pj . 

Let ai,..,aw be all the attribute values appeared on A in S, and Si,..,Sw 
be all the groups of S according to the conditions A = ’’aj”, j = 1, ..,w. Then 
we define nf as the number of the rows in Sj that belong to a class c^. Note 
ni = and mj = is the number of rows of Sj. The entropy Vj of 

the class membership of Sj is, by the definition : 

- 1 {nj / mj ) log2 {ni fm, ) 

and the entropy Ea{S) of the class membership of S over A is defined as : 

By the above consideration, the gain Ga{S) to do branching on A is defined as 
E{S) — Ea{S). We will select the attribute A by which we obtain the maximum 
gain. 

Example 2.2. In our running example, the original entropy if(T) is 1.49261. 

At the first step, we obtained the entropy values 1.31889, 0.886169 and 
0.911063 on the attributes Weather, Temperature and WindForce. Thus we s- 
elect Temperature as the first level. All the rows in each case of VeryHigh, 
Medium, Very Low belong to a single class. In the case of Low, we got the 
values 0.964984 and 0.67927 on the attributes Weather and WindForce, then we 
select WindForce. The story goes like this and finally we get the decision tree. 
Below is the result of C4.5. 

The tree has the height 3 but it seems hard to see the usefulness of leaf 
levels although the semantics could be well-defined. This is the reason we like 
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to summarize a collection of values. Also the readers can see illegal decisions (of 
C4.5) since there is no causal row about them^. Note also {Low, Breeze, Hal f) 
is treated as a kind of error. 



(T emperature) 




Very High 


No 


Medium 


Held 


VeryLow 


No 


High (WindForce) 




V eryWindy 


Half 


Windy 




Breeze 


Held 


Windless 


//a//(*) 


Low (WindForce) 




V eryWindy 


Held(^) 


Breeze 


Half(e) 


Windless 


Held 


Windy (Weather) 




Fine 


Held(^) 


Cloudy 


Held 


Rainy 


No 



□ 



3 Entropy in a Class Hierarchy 



In the original theory, as we pointed out, the algorithm sometimes generates less 
precise yet wide-spread trees since it always tries to reason all the input. 

Our new decision tree algorithm differs from the ones proposed before since 
we heavily utilize the background knowledge of class hierarchy in databases. 
Since the classes ci, .., have been assumed to be disjoint in the original theory, 
the entropy —Spi\og2Pi describes the expected amount of information with 
respect to exclusive class membership. Remember we assume a (single) class 
hierarchy, we have to re-examine the definition under the new environment. 



In a table T = 



h : Cl 
, Ik ■ Cfc 



it seems reasonable for us to consider a row tj : cj 



as an object carrying the values tj of the lowest class Cj that, in fact, means all 
the ancestors. This is still true even if there are duplicate values in the consistent 
table. 



Assume e G L{ci) and ci ISA C2. Then e should be in T(c2). Given pi = nifri2 
and p2 = ri2ln where ni,ri2 are the cardinalities of T(ci),T(c2) respectively, 
and n means the number of total objects, the probability of the membership is 
obtained by pi x p2 = nijn, thus we consider the probability of Ci membership 
of e as the one without looking at the hierarchy. Note > k because 

objects belong to a class and all its ancestors. As the result, we will change the 
probabilities in the definition of entropy but the (new) class membership can be 
obtained easily by looking at ISA hierarchy and the input table T. 



2 



Such rows are marked with *. 
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4 Relaxation of Classification 

Let us outline our idea and major issues to be attacked. To improve the under- 
standability of decision trees, we will change class membership into higher ones 
on class hierarchy. In fact, the hierarchy may help pruning the trees in a much 
efficient and clever way. By this technique, we obtain precise decision tree in a 
sense that the trees make classification correctly. But sometimes trivial results^ 
are obtained by the generalization of the tree along our class hierarchy. Thus 
our true issue is how we can obtain precise yet useful trees. Of course, such fun- 
damental question should come from the nature of knowledge acquisition, but 
we start with some assumptions to our decision trees as we said. First, we pose 
some conditions on the structures of decision trees. Second, the result trees may 
not be optimal compared to the original theory but is kept to have the allowable 
entropy. And lastly, the trees may be generated in a back-tracking manner but 
we try to avoid the duplicate calculation. 

To obtain our goals, we revisit the input T and change the values or even 
class membership dynamically. 



4.1 Complexity of Classification 

It is hard to define complexity of decision trees. In fact, none of the number of 
nodes, the height and the width of the trees or the number of branches could 
capture the complexity of the concepts. But also it is true that too large trees 
make people confused, that’s the reason why pruning technique is considered 
important. In our work, we will put an emphasis on the size of the tree and pose 
some conditions on the trees. 

Assume there are Uj distinct values appeared on Aj attribute (j = 1, .., n) in 
T, and u = {u\ -I- .. -I- u„)/n. In the worst case, the results might become u-ary 
trees of the height up to log„(ui x ... x m„), but we might expect log„ A: where 
k is the number of rows in T. In this investigation we discuss the heights of the 
trees since it can be checked anytime independent of other branches. We assume 
pruning ratio a and the height condition becomes a x log„ k. 

Example 4-1. In our example, there are 3 values on Weather attribute, 5 values 
on Temperature and 4 values on Windiness. Then u = (3 -I- 4 -|- 5)/3 = 4, thus 
we get log„ k = log 4 14 = 2. Bigger a causes deeper trees. In this investigation 
we set a = 1.1, i.e., the height 3, just same as the result of C4.5. □ 



4.2 Rewriting Attribute Values 

During the generation of decision trees, the structural condition might fail dur- 
ing the generation of new nodes and branches. In this case, we change the values 
on a certain attribute into higher abstractions and we will guide the rapid con- 
vergence. 

® For example, everything is classified into @E. 
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This can be done just by clustering techniques by numerical semantics such 
as average salary values. By clustering numerical values, a set of range values are 
abstracted and we can reduce size of trees. In the case of non-numeric semantics 
such as HighSalary, LowSalary, on the other hand, few technique is known. In 
this work, we adopt the same idea of Han[5]. 

As the first abstraction, we change an attribute value by its lowest ‘class’ 
that the value belongs to^. As the following abstraction steps, we climb up the 
class hierarchy, i.e., we change the value by the next higher class. Eventually we 
get to the very top @E that means every value is identical. 

Example 4-. 2. In our running example, we assume several class hierarchies. 

1. On Weather attribute, we have Fine, Cloudy objects and Rainy object which 
belong to NotWet and Wet classes respectively that are defined as the sub- 
classes of DontCare class. 

2. On Temperature attribute, we have VeryHigh, High, Medium, Low and Very 
Low objects. The first two are the member of Hot class. Medium is in Warm 
class and the last two in Cold class. We assume Warm ISA Comfortable, 
Cold ISA Comfortable and Hot ISA NotCood. We assume each class ISA 
DontCareTemp. 

3. On WindForce, we have Very Windy, Windy, Breeze and Windless objects. 
The first two are the member of Wind class while the last two in No Wind 
class. We assume each class ISA DontCareWin. 

4. Finally on result classes, we assume Half is a special case (sub class) of Held 
case, thus HalflSk Held. 

For instance, we may change both Fine, Cloudy into NotWet, then into DontCare. 

Note the entropy in our example is now 1.265982 since pHeid = H/14, 
PHaif = 4/14 and pno = 3/14 where Pc means the probability of the class 
c. □ 

In the above process, the attribute values are grouped together and the de- 
cision trees become useful. In fact, we might lose some amount of information 
and the entropy must be reduced eventually®. 

Let us consider the details. Assume we change the values {oi, .., a^} on an at- 
tribute A appeared only in the set S, S CT, of rows to be considered. Note there 
should be no change of entropy on other attributes. The set S has been decom- 
posed into Si, .., Sw but now some of them are combined into S[, .., S'/,/, u>' < w. 
This is because, for instance, Si,S 2 have been generated by the condition- 
s A = ”ai”,A = ” 02 ” respectively, but 01,02 now become identical, then Si 

^ Or we generate a special object of the class and replace by it. 

® The entropy does not decrease linearly because of the intermediate values. 
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and S2 must be in the same (new) component. The entropy Vi of Si is obtained 
by 

X log2{nl/nii) 

where mi is the cardinality of Si, n\ is the number of the rows of that belong 
to a class Cj. 

In a similar manner, we have V2 obtained by 

-(l/m2)£'i=i,.„gn,^ X log2(n-/TO2) 

When Si and S2 are combined, the new entropy V12 becomes 



+ m 2 ))Si^i,..,q(n\ + nl) x log 2 ((n- + n,^)/(mi + m 2 )) 



Thus the total change becomes 1^12 — (Vi + V2), but this formula says there can’t 
be continuous reduction of entropy though it might be to 0 (in the case of @E). 

Then we must have a question similar to the original story, which attribute 
should he selected ? It seems reasonable to select one from not-yet-processed at- 
tributes since part of decision trees have been generated. To reduce the selection 
overhead, we utilize the list of Ea{S) values because they had been calculated 
to develop the trees. Here our choice depends on the minimum gain of entropy 
E{S) — Ea{S). This is because Ea{S) of the minimum gain carries the maximum 
entropy and the change of the attributes values could make effective to reduce 
branching. 



4.3 Relaxing Class Membership 

By rewriting the attribute values we may expect the reduction of decision trees 
(and the entropy). Unfortunately we might get some inconsistency in total. In 
this subsection we discuss this issue and how to resolve it. 

After changing the attribute values in S where S CT, there might be dupli- 
cate rows t : ci,t : C2 in T but of distinct classes. By the definition, the result is 
consistent if ci is the ancestor of C2 (or vice versa). In this case we change class 
membership and we replace all the class membership by the least general class 
among them. 

More important is the case that, when ci, C2 are disjoint, no object can belong 
to both Cl and C2, and the result becomes inconsistent. We fix this problem by 
changing the class membership of one of the rows. Using a single class hierarchy, 
we can have the least common ancestor cq of ci, C2. Then we select one of ci or 
C2 that has the smaller distance to cq, say ci, and we change the two rows by 
t : co,t : C2- The row t : ci is now assumed not to be in the class ci but in cq, 
which means the class membership of ci is relaxed to cq, since ci ISA cq. Note 
that the changes may arise among different branches in the partially developed 
trees and the duplicate check should be made to the relevant rows. 

Example 4-3. Since Half ISA Held, We could change a row {Fine, Low, Breeze) 
of Half class into the one of Held class. □ 




Making Decision Trees More Accurate by Losing Information 221 



The change of class membership causes the reduction of the total entropy. In 
fact, the probability n\jk of the lowest class ci is decreased to (ni — l)/fc while 
the probability nojk of the lowest class cq is increased to (no + l)/fc where no,ni 
mean the number of rows of T(co), T(ci) in T and k means the number of rows 
in T. The amount of information of ci is changed from {n\/k) log2(ni/fc) into : 

((m - l)/fc)log2((ni - l)/k) = (m/fc)log2(ni/A:) - (1/n) log2(ni/fc) 

Similarly, the one of cq becomes 

((no + l)/fc)log2((no + l)/k) = (no/k)log2(no/k) + (l/k)log2(no/k) 

In total, (l//c)(log2 no — log2 ni) is reduced from the entropy by this change. If 
there are Vij changes from c, to Cj, then the amount {l/k)SijVij x (log2 nj — 
log2ni) is reduced. 

4.4 Preserving the Usefulness 

What we have described so far is how to relax T to obtain sufficiently useful 
decision trees, but as pointed out, we want to obtain useful ones. That means we 
have to avoid the drastic reduction of the entropy. In this subsection, we sum- 
marize the change of entropy from several aspects and discuss how to combine 
them into our new algorithm. 

By changing class membership based on relaxing the attribute values on 
A, we lose {l/k)SijVij x (log2Uj — log2ni) from the original (very beginning) 
entropy E(T). This is the one we have to watch. Here we give a global threshold 
ratio f) (0.0 < (3 < 1.0) and we will accept the change if E{T) changes within 
this ratio, that is to say : 



\{l/k)Ei^jV^j X (log2nj -log2n*)|/|U(r)| < (3 

If the change is unacceptable, we will stop the process since the reason comes 
from the way to cluster values. 

Let us discuss the net effect against the selection steps of attributes to a set 
S of rows. As for Ea{S), we have already discussed the amount of the change of 
the entropy on A. Now let us discuss Eb{S) where B is different from A but will 
be relaxed in future or the one already processed before. We assume that Eb{S) 
has been already obtained for the purpose of the attribute selection. Whenever 
we change the class membership, we will examine H-values (or B = ”6^”) and 
count the number vfj of the changes from Ci to Cj to each bw The total amount 
of the reduction of the entropy is summarized as below : 

X (log 2 nj - log 2 n“) 

where nf is the number of the rows of the class Cj in the group component by 
B = and rriw the cardinality of the component. 

By this result we can examine whether the change amount falls into the 
allowable range compared to the best optimized selection in the original decision 
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trees. For this purpose we give a selection threshold ratio 7 (0.0 < 7 < 1.0), and 
we will examine whether the ratio of the change by the original Eb{S) is within 
7. If it is not the case, we will go back to the attribute selection steps in a 
recursive manner. 

For the attributes that are not-yet-selected, this result allows us to avoid the 
recalculation for the selection of attributes in repeated processes. 

4.5 New Decision Tree Algorithm 

Now let us describe our new decision tree algorithm by putting all the con- 
siderations together into one. Our new decision trees can be generated by the 
following algorithm NDT(5', AT, AL) where S means a set of rows, AT a set of 
attributes and AL a set of conditions. We have three threshold values a (prun- 
ing ratio), (3 (global threshold) and 7 (selection threshold). A table T is given 
as an input over a set of attributes Ai, .., A„, and we start the algorithm with 
NDT(T, {Ai, .., A„}, (()). If it terminates successfully, we get the tree conditions 
and the corresponding classes of the paths ai(<ii), ..., ak{dk) as before. 

(1) If all the rows in S belong to an identical class d, we return AL{d) successful- 
ly. If all the rows are identical but of different (consistent) classes, we change the 
class membership by the least general class and count the number of changes. If 
the amount of the change goes beyond the (3 ratio, we quit the process for the 
failure. If the amount goes beyond the attribute selection ratio, we will return 
to the attribute selection steps in a back-track manner. 

(2) Assume otherwise. First we calculate all the Ea{S) for all the attributes A 
that are not-yet-processed. 

(3) If the partial tree is not within allowance level defined by a, 

(3.1) Select an attribute A of the minimum gain and relax it. 

(3.2) Rewrite attribute values on A and adjust the change of the entropy. 

(3.3) If there happen duplicate rows of disjoint classes, we change the class mem- 
bership and count the number of changes according to the attribute values. If 
the amount of the change goes beyond the f3 ratio, we quit the process for the 
failure. If the amount goes beyond the attribute selection ratio, we will return 
to the attribute selection steps in a back-track manner. 

(3.4) Adjust all the Ea{S) values and go back to (1). 

(4) The tree is now allowable, and select an attribute A G AT of the maximum 
gain. 

(4.1) Make grouping of S' on A into Si, .., Sw Each Sj is generated by the con- 
dition A = ’’oj” to S. 

(4.2) For each Sj, do NDT(Sj, AT — {A}, ATU{A = ”0^”}) in a recursive manner. 
If it comes back to re-select attributes, goto (2). 

(4.3) Collect all the results as ALi{di) V ..S ALyj{dw). If some Sj fails, we regard 
the result as distinct undefined class. 

(5) If AT is empty, return fail. 

The steps (4) to (5) are the same to the original except re-selection of at- 
tributes. Note the relaxation changes the contents of the processes while the 
duplicate calculations are carefully avoided. 
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Example 4-4- Here we assume a = 1.0, (3 = 0.15 , 7 = 0.15, and we may have the 
height 3. 

With the initial entropy 1.265982 of the input and the ISA hierarchy, we select 
Temperature as the first attribute to be examined with the minimum entropy 
0.637596. 

With Temperature = High, NOT generates two branches on WindForce iwth the 
entropy 0.0: windForce=Very Windy {Half Class) and WindForce=Breeze {Held 
Class) . 

With Temperature=Low, NOT generates 3 branches on WindForce with the 
entropy 0.452846: Breeze (this causes duplicate rows since Weather values are 
identical, but we get Held class because of Half and Held class membership), 
Windless {Held class) and Windy. The case Windy generates the new branches 
on Weather. The attribute values are Cloudy and Rainy which are unified as 
DontCare and so is true for the class membership DontCareRace. And the process 
terminates with the allowable thresholds. The readers can check the final result 
more easily: 



{Temperature) 




V eryHigh 




No 


Medium 




Held 


V eryLow 
High 


{WindForce) 


No 




V eryWindy 


Half 




Breeze 


Held 


Low 


{WindForce) 

Windy 


DontCareRace 




Breeze 


Held 




Windless 


Held 



When we assume a = 1.0, /3 = 0.08 , 7 = 0.15 and a = 0.5, (3 = 0.08,7 = 0-15 
respectively, we have two distinct results of the height 2 : 
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□ 
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5 Experimental Results 

We examined Car Evaluation Database in ML Library by which we rank accept- 
ability of cars according to price and technical quality. The database contains all 
the 1728 combinations over 6 attributes without any noise, duplicate nor missing 
values. The decision depends on buying (buying price; vhigh, high, med, low), 
maint (price of the maintenance; vhigh, high, med, low), doors (number of doors; 
2,3,4, more), persons (capacity in terms of persons to carry; 2, 4, more), lug-boot 
(the size of luggage boot; small, med, big) and safety (estimated safety of the car 
; low, med, high). Decisions consist of unacc (unacceptable), ace (acceptable), 
good and vgood (very good). 

We added ISA hierarchy (50 relationships) among types/classes: buying (9 re- 
lationships/4 level), maint (9/4), doors (9/4), persons (4/3), lug-boot (5/3), safety 
(5/3) and decisions (9/4). Below is a decision hierarchy: 

unacc ISA BadCar, acc ISA DkCar, good ISA DkCar, 

vgood ISA ExcellentCar , BadCar ISA Worthless, OkCar ISA Worthy, 

ExcellentCar ISA Worthy, Worthless ISA DontCare, Worthy ISA DontCare 

By using C4.5, we got 182 branches (from the root to leafs) with the height 

5 and 3.77, of error-ratio after pruning. 

On th eother hand, in our approach with a = 1.0, /? = 0.15, 7 = 0.15, we got 
102 branches (rules) of the height 6 as below: 

unacc (27), acc (26), good (0), vgood (2), BadCar (0), OkCar (9), ExcellentCar 
(0), Worthless (0), Worthy (6), DontCare (32) 

This says we got much simplified decision rules by introducing the hierarchy 
with the allowable reliability. However we found 32 rules of DontCare for this 
simplification which means we lose some decision because of the abstraction 
though the decision tree is not incorrect. 

6 Related Works 

Knowledge discovery in databases (KDD) is one of the hot research topics and 
now focused by many database researchers[l,3,4,8,15,18]. It is nothing but knowl- 
edge acquisition activity but differs from using database as background (domain) 
knowledge. KDD processes could be captured as general framework for meta- 
model manipulation [6]. Rules queries on databases are interpreted as rules/con- 
straints discovery and knowledge acquisition as scheme discovery. Then very 
ambitious paradigm might be established and applied to wide range of applica- 
tions. Series of works show how to obtain new database schemes that are suitable 
for current database instances[ll,9,10,12,19,13]. 

From the viewpoint of machine learning, a theory of logic-based inductive in- 
ference has the strong relation with KDD[18]. However utilized is only the scheme 
information but not characteristics of instances nor domain-specific knowledge 
except a few [7]. It is not easy to discover implicit conditions to give property 
values, but there exist quantitative and qualitative methods as well known[3,18]. 
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7 Conclusion 

In this work, we have proposed a new classification methodology for the purpose 
of precise and useful decision trees. Our new decision tree algorithm utilizes the 
background knowledge of databases, that is, we relax the attribute values and 
class membership while keeping the quality of the trees in a sense of entropy. 
Although the algorithm takes more than polynomial time in the worst cases, the 
duplicate calculation could be carefully avoided. 
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Abstract. We introduce the paradigm of High-Level Logic Program- 
ming. This paradigm is the consolidation of our recent results on dis- 
junctions, sets, partial-order clauses and aggregation. We show how these 
concepts are integrated in a natural way into the standard logic program- 
ming framework. For this purpose, we present several well known exam- 
ples from the literature that support this claim. Our approach to define 
the declarative semantics of HLL (High-Level Logic) programs consists 
on a translation of them to datalog disjunctive programs and then to use 
Dl-WFS-COMP. 

1 Introduction 

The evolution of this research is shown in the papers [15,16,17,18,27,23,28,24,26], 
[25]. The aim of our research is to define high-level logic programming that 
includes negation, disjunctions, sets and partial-order clauses [17]. One main goal 
is to model set-of and aggregate operations, which are of considerable interest 
in deductive databases. A central concept in most of the works that include sets 
is one which we call collect-all. This concept has independently been adopted 
by several languages, e.g., SEL [18], SuRE [16], COL [2], Relationlog [21] and 
LDLl [3]. The idea is that a program needs only to define explicitly what are 
the members of the set and, by assuming a closed world, the set becomes totally 
defined. Moreover, all the just mentioned works, have defined a precise semantics 
for restricted classes of programs and they agree on the common subclasses. Also, 
a common assumption is to consider only finite sets. 

From our research of the following works on sets and aggregation: [18,16,2,21], 
[31,13,17,30,10,19,29] we have obtained a partial definition of the intended se- 
mantics of a POL program (a restricted form of a HLL program). One important 
goal is to find a pair < transl, SEM >, where transl is a computable function 
from the class of POL programs to the class of normal programs such that the 
semantics of the translated programs, given by SEM, is consistent with the in- 
tended semantics of the original program. In [27] the authors gave a first major 
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step finding such a suitable pair < transl, SEM > for the restricted class of 
cost-monotonic POL programs. In this case SEM came out to be WFS+ [11]. 
The class of cost monotonic programs is actually a large class that includes most 
of the examples and classes considered in the literature. Moreover, the semantics 
SEM of cost-monotonic programs can be computed efficiently, without having to 
translate the given POL program to its respective normal program [17,26]. Our 
current research suggests that also many non cost-monotonic POL programs 
that have a clear intended meaning, as the difficult examples suggested in [31] 
can be correctly expressed using the pair just mentioned. 

In this paper we discuss that the semantics Dl-WFS-COMP defined in [1] 
can also via used to express the semantics of POL programs via the alEtrans 
translation defined in [24]. Since Dl-WFS-COMP allows disjunctions then Dl- 
WFS-COMP can be used to provide a declarative semantics for HLL programs, 
i.e. extended partial-order programs with disjunctions. 

2 High-Level Logic Programs 

We will now give a brief informal introduction to HLL programs to give an in- 
tuition of the style of programming in this language and also to provide some 
context for discussing the semantic issues it raises. HLL clauses have the struc- 
ture of normal clauses [20], i.e., they are of the form: 

j4i, . . . , Li, . . . , Ljji 

where Ai; . . . represents the disjunction Hi V ... V which is the head of 
the clause, Li, . . . , L^ its body, and m > 0. Each (1 < z < n) is an atom, and 
for each (1 < z < m) is a literal (an atom or the negation of an atom). Atoms 
could be as usual, i.e. of the form p{t), where p is a user-defined predicate, but 
also we have two new forms of atoms, f(t) = e and /(t) > e, where / represents 
a user-defined function. Note that t represents a tuple of terms; and e represents 
an expression, which is a composition of user-defined functions. A High-level 
logic program is a set of program clauses. 

The ‘logical’ view of logic programming is that a program is a theory and com- 
putation is logical inference. In the classical approach to logical programming, 
the inference mechanism is faithful to logical consequence in classical first-order 
logic. This paper adopted the canonical model approach, where the inference 
mechanism is faithful to truth in the “intended” model of the program. 

To represent finite sets, we use two constructors, {a;\t} and (j). The nota- 
tion {a;\t} refers to a set in which x is one element and t is the remainder 
of the set. We permit as syntactic sugar {expr} to stand for {expr \4>}, and 
{ei, 62 , . . . , Cfe}, where all Cj are distinct, to stand for {ei\{e 2\ . . . {efc\<('}}}. 
To illustrate the set constructor, matching {X\T} against a ground set {a, b, 
c} yields three different substitutions, {X ^ a, T ^ {b, c}}, {X ^ b, T ^ {a, c}}, 
and {X ^ c,T ^ {a, b}}. One should contrast {X\T} from {X} U T. 

We now present several examples to explain the paradigm. 
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Example 2.1. The definition of set-intersection shows how set patterns can fi- 
nesse iteration over sets (the result is ^ if any of the input sets is (j), as desired) : 
intersect({X\_}, {X\_}) > {X}. 

This function works as follows: For a function call intersect({l, 2, 3}, {2, 3, 4}), 
we have the following two clauses: intersect({l, 2, 3}, {2, 3,4}) > {2}, and 
intersect({l, 2, 3}, {2, 3, 4}) > {3}. Since the lub of {2} and {3} is {2,3}, we 
obtain intersect({l, 2, 3}, {2, 3, 4}) = {2,3}. 

Example 2.2 (Reach, [26]). The definition of a transitive-closure operation using 
partial-order clauses illustrates a basic use of the paradigm. The function reach 
below takes a node (in a directed graph) as input and finds the set of reachable 
nodes from this node. 
reach(X) >{x}. 

reach(X) > reach(Y) ^ edge(X,Y). 

As the graph may be cyclic, our intended operational semantics employs mem- 
oization in order to detect cyclic function calls that may arise. 

Example 2.3 (Nullahles) . For a more substantial example of transitive-closures 
and one which combines set-terms, predicates and partial-order clauses, we define 
below the set of its nullable nonterminals of a context-free grammar. 
grammar({[p,q], [q], [r,a]}). 
belongKleene([ ], _). 
belongKleene([X], {X\_}). 

belongKleene([X, Y|Z], S) <— belongKleene([X], S), belongKleene([Y|Z], S). 
null({[H|R]\_}) > {H} <— grammar (G) , null(G) = S, belongKleene (R, S) . 

For convenience, we represent the production rules of the grammar as a set of 
lists, where each list represents a rule: the first element of the list is the left- 
hand side of the rule and the rest of the list is right-hand side of the rule. In 
this example our set of productions is {p — > g, g — > e, r ^ a}. The predicate 
belongKleene (X, S) is true if XGS*, where the string X is represented by a list, 
and S is a set. The function null computes the set of nullables of grammar, i.e. 
the set of nonterminal symbols such each of them derives the empty string. 

The following example is taken from [31], where Van Gelder classifies it as 
not monotonic and he claims that it appears to make intuitive sense. 

Example 2.) (Party Invitation Problem, [31]). 

accept (X) ^ rel-all(X) = S, sum 2 (S) > 0. 
rel-all(X) > {[Y,C]} ^ accept(Y), compatible(X,Y,C) . 

The above clauses express the criterion that a person will attend a party if he 
or she has sufficient compatibility with the rest of the people coming to the 
party. We express this criterion by requiring that the sum of all compatibilities, 
positive and negative, to be nonnegative. We omit the definition sum 2 and we 
assume that its intended meaning is to add the second argument of every element 
is S. Consider the database of facts: 
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compatible (a,b, 1) . compatible (a, c , 1) . 
compatible (b, a, 1) . compatible (b, c , 1) . 

The intended semantics of the program (as suggested in [31]) defines all 
accept (a), accept (b) and accept (c) to be true. That is exactly what we 
get in our approach. 

In the following example we note that our inequalities can be used to define 
functions over different domains, not just finite sets. 

Example 2.5 (Shortest Distance). The formulation of the shortest-distance prob- 
lem is one of the most elegant and succinct illustrations of partial-order clauses: 
edge(a,b, 1) . 
edge (a, c, 2) . 
edge(b,d,5) . 
edge(c,d,3) . 
edge(d,a, 1) . 

short(X,Y)<C ^ edge(X,Y,C). 
short(X,Y) < C+short(Z,Y) ^ edge(X,Z,C). 

This definition for short is very similar to that for reach. The relation 
edge(X,Y,C) means that there is a directed edge from X to Y with distance 
C. which is non-negative. A possible interpretation to our program is obtained if 
we let short (A, y)=0, for every pair of vertices X,Y. However, this is not the 
intended model. In the intended model, short (a,b)=l , short (a,d)=5, and so 
on. The reader should wait to the next section to fully understand the semantics 
of these programs. Finally, note that the domain of the short function is totally- 
ordered. This knowledge can be used to tailor a very efficient implementation 
for this program, resembling Dijkstra’s algorithm (see [25]). 

Example 2.6 (Travel, [4]). 

visit-europe(john) ; visit-australia(john) . 
happy (X) V- visit-europe (X) . 
happy(X) ^ visit-australia(X) . 

bankrupt(X) <— visit-europe (X) , visit-australia(X) . 
prudent (X) <— ^ visit-europe (X) . 
prudent (X) v- ^ visit-australia(X) . 

dissappointed(X) ^ ^ visit-europe (X) , ^ visit-australia(X) . 
According to [4] we expect that prudent (John) to be true, ^ dissapoint- 
ed(john) to be true, and ^ bankrupt (John) to be true. We get these results 
with our approach. 

The following is a well known example that can not be handled adequately by 
Circumscription. 

Example 2.1 (Poole’s Broken arm, [8]). 

left-use(X) ^ ^ ab(left,X). 
ab(left,X) left-brok(X) . 
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right-use (X) ^ ab (right, X). 

ab (right, X) right-brok(X) . 

lef t-brok(f red) ; right-brok(f red) 
make-cheque (X) <— left-use (X). 
make-cheque (X) right -use (X) . 

disabled(X) ^ left-brok(X) , right-brok(X) . 

The well known semantics D-WFS and DSTABLE derive that Fred is not dis- 
abled (see [8]). We get the same answer in our approach. Moreover, DSTABLE 
(but not D-WFS) derives that Fred can make out a cheque. We get also this 
result in our approach. 



Example 2.8 (Basic- Disjunctions). 

h(al) . h(a2) . h(b) . 

p(al); q(al) . p(a2); q(a2) . 

c(X) ^ ^ p(X) , ^ q(X) . s(l) > {X} ^ ^ c(X) , h(X) . 

Due to the disjunction p(al) ; q(al) we expect that c (al) is false. For a similar 
reason c(a2) should be also false. Since h(al) as well as h(a2) are both true 
then s(l) > {al,a2} must be true. On the other hand, by negation as failure, 
c(b) should be true and hence we expect s(l)={al,a2} to be true. This how 
behaves our declarative semantics. 



Example 2.9 (Partial- order disjunctions). 
s > {!}; s > {2}. s > {3}. 

Our declarative semantics defines s > {1 , 3} ; s > {2,3} to be true, s = {1,3}; 
s = {2,3} to be false and finally s = {1,3}; s = {2,3}; s= {1,2,3} to be 
true. We claim that this is the intended meaning of the program. 

3 Declarative Semantics 

We first introduce the declrative semantics for disjunctive propositional pro- 
grams. Then we show how define the declarative semantics of any high level 
program. 



3.1 Propositional Programs 

We may denote a (general) clause C as: oi; . . . ; am ^ h, ■ ■ ■ Jn, where m > 0, 
n > 0, each is a propositional atom, and each li is a propositional literal. 
When n = 0 the clause is considered as oi V ... V Um ^ true, where true is a 
constant atom with its intended interpretation. Sometimes, is better to denote 
a clause by A^B^, ^B~, where A contains all the head atoms, contains 
all the positive body atoms and B~ contains all the negative body atoms. We 
also use body{C) to denote B~^ U ~^B~ . When A is a singleton set, the clause 
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reduces to a normal clause. A definite clause ([22]) is a normal clause lacking of 
negative literals, that is B~ = 0. A pure disjunction is a disjunction consisting 
solely of positive or solely of negative literals. A (general) program is a finite 
set of clauses. As in normal programs, HEAD{P) to denote the set of atoms 
ocurring in heads in P. We use \= to denote the consequence relation for classical 
first-order logic. It will be useful to map a program to a normal program. Given 
a clause C := A ^ we write dis-nor(C) to denote the set of normal 

clauses: 

{a ^ B^ , ^(^~ U (-^ \ {o})l® € “4}- 

We extend this definition to programs as follows. If P is a program, let dis-nor(P) 
denotes the normal program: (JceP dis — nor(C). Given a normal program P, we 
write Definite(P) to denote the Definite program that we obtain from P just by 
removing every negative literal in P. Given a Definite program, by MM(P) we 
mean the unique minimal model of P (that always exists for definite programs, 
see [22]). 

Definition 3.1 (Definition of def and sup). 

Let P he a normal program. Let a be an atom in a given signature C ( such that 
Bp L), by the definition of a in P, we mean the set of clauses: {a ^ body € 
P}, that we denote by def (a). We define 

suv(a)-=i ifdef{a) = % 

' ( bodyi V ... V bodyn otherwise 

where def (a) = {a ^ bodyi, ■ ■ ■ ,a ^ bodyn} 

Definition 3.2 (comp(P) ([9])). 

For any normal program P, we define comp(P) over a given signature C (where 
Bp C B) as the classical theory {a ^ sup{a) : a G 

We use an example to illustrate the above definitions. Let P be the program: 
p;q^ ^r. 
p ^ s,^t. 

Then HEAD{P) = {p,q}, and dis — nor{P) consists of the clauses: 

P ^ ^r,^q. 
q^ ^r,^p. 
p ^ s,^t 

Definite{dis — nor{P)) consists on the clauses: 
p ^ true. 
q ^ true. 
p ^ s. 

MM(Definite(dis-nor(P)))={p,q}. Finally, comp(dis-nor(P)) over Bp consists 
on the formulas 
p <-> true V s. 
q <-> true. 

^ In the standard definition C is Cp. Our paper requires this more general definition 




232 



Mauricio Osorio and Fernando Zacarias 



r <-> false. 
s false. 

What are the minimal requirements we want to impose on a semantics for 
disjunctive programs? Certainly we want that disjunctive facts, i.e. clauses in 
the program with empty bodies to be true. Dually, if an atom does not occur 
in any head, then its negation should be true. These ideas are straightforward 
generalizations of the case on normal programs. 

Definition 3.3 (Semantics ([5]). 

A semantics over a given signature C, is a binary relation between logic 
programs and pure disjunctions which satisfies the following conditions: 

1. If P\~s ce and a C a', then P \~s a' . 

2. If A ^ true € P for a disjunction A, then P hg A. 

3. If a ^ HEAD{P) for some atom a, then P \~s ~^a. 

It is an implicit assumption that every atom that occurs in P, ex, a' , A, or 
a must belong to C. 

For any program P we define its minimal semantics as: 

SEMmin{P, I^) '■= {^1 A is a pure disjunction that belongs to every semantics 
over C of P} 

This means that the minimal semantics of a program is defined only by the 
rules 1,2 and 3 just defined. For normal programs we defined a semantics as a 
binary relation between normal programs and literals that satisfies rules 2 and 3 
given above, that is, we get rid of rule 1. For rule 2 note that of course A reduces 
to an atom. 

Again, the key concept of this approach is the idea of a transformation rule. 
The following transformations are defined in [5,8] and generalize the corre- 
sponding definitions for normal programs. 

Definition 3.4 (Basic Transformation Rules). 

A transformation rule is a binary relation on Progc. The following transforma- 
tion rules are called basic. Let a program P G Progc be given. 

RED+: Replace a rule A ^ by A ^ B^ ,^{B~ f] HEAD{P)). 

RED~: Delete a clause A ^ B~^,^B~ if there is a clause A' ^ true such that 
A' CB-. 

SUB: Delete a clause A ^ B^, ~^B~ if there is another clause Ai ^ B^ , ~^Bf 
such that Ai C A, B^ C B'^ , Bf C B~ . 

Example 3.1 (Transformation). 

Let P be the program: 
a; b < — c, ^c, ^d. 
a; c ^ b. 
c; d ^e. 
b < — ^c, ^d, ^e. 
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then HEAD{P) = {a, b, c,d}, and 
SEMrmn{P.Cp)=%. 

We can apply RED+ to get the program Pi: 
a; b < — c, ^c, ^d. 
a; c <— b. 
c; d <— true. 

b < — ^c, ^d, ^e. 

If we apply RED+ again, we get program P2: 
a; b < — c, ^c, ^d. 
a; c ^ b. 
c; d ^ true. 
b <— ^c, ^d. 

SEMrmn{P 2 ,Cp) = {{c, d}, {c, d, a}, {c, d, b}, {c, d, a, b}, {^e}, . . . , 

{^a, ^b, ^c,^d, ^e}}. 

Clearly {c, d, a} G SEMjnin{P 2 , Pp) means that cV dV a is a consequence in 
SEMrain{P 2 ,Pp)- Now, we Can apply SUB to get program P3: 
a; c <— b. 
c; d true. 
b <— ^c, ^d. 

We will refer to this example again, that we will start calling our basic example. 

Obviously, the just mentioned transformations are among the minimal re- 
quirements a well-behaved semantics should have (see [12]). For this reason, ev- 
ery semantics presented in this paper will be invariant under the transformations 
RED+, RED" and SUB. 

The following transformations are defined in [5,8]. 

GPPE: (Generalized Principle of Partial Evaluation) Suppose P contains A 
<— and we fix an occurrence of an atom g G P'*'. Then we replace 

A ^ B^, ~^B~ by the n clauses {i = 1, . . . , n) 

A U (A\{ff}) ^ {B^\{g}) u P.+, -P” u ^B- 

where Ai <— G P, (for i = 1, . . . , n) are all clauses with g G Ai. 

If no such clauses exist, we simply delete the former clause. 

TAUT: (Tautology) Suppose P contains clause of the form: A ^ B^ , ~^B~ and 
A n P+ yf 0, then we delete the given clause. 

Let CPi be the rewriting system which contains, besides the basic transfor- 
mation rules, the rules GPPE and TAUT. This system is introduced in [5] and 
is confluent and terminating as shown in [6]. 

Definition 3.5 (D-WFS). The disjunctive wellfounded semantics D-WFS is 
defined as the weakest semantics satisfying SUB, RED~^ , RED~ , GPPE and 
TAUT. 
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Let us note that although the C5i system has the nice property of confluence 
(and termination), its computational properties are not that efficient. In fact, 
computing the normal form of a program is exponential (even for normal pro- 
grams, whereas it is known that the WFS ([14]) can be computed in quadratic 
time). 

We introduce our proposed semantics Dl-WFS and Dl-WFS-COMP and give 
some important results about them. Dl-WFS generalizes a system introduced 
in [7] from normal to disjunctive programs. Unless stated otherwise we assume 
that every program is a disjunctive program. 

Definition 3.6 (Dloop). 

For a program P, letunf{P) := Lp\MM{Definite{dis—nor{P)). The transfor- 
mation Dloop reduces a program P to Pi:= {A ^ , ~^B~\ nunf{P) = 0}. 

We assume that the given transformation takes place only if P ^ Pi. 

Let Dsuc be the natural generalization of sue to disjunctive programs, for- 
mally: 

Definition 3.7 (Dsuc). 

Suppose that P is a program that includes a fact a ^ true and a clause A ^ 
Body such that a G Body. Then we replace this clause by the clause A ^ 
Body \ {a}. 

Definition 3.8 (CS 2 )- 

Let CS 2 he the rewriting system based on the transformations SUB, RED'^ , 
RED~ , Dloop, Dsuc. 

Theorem 3.1 (Confi. and termination of CS 2 )- 

The system CS 2 is confluent and terminating. It induces a semantics that we 
call Dl-WES. If we consider only normal programs then its induced semantics 
corresponds to the well-founded semantics. 

Proof: (Sketch) It is easy to verify that each pair of transformations is confluent 
(also a given transformation with itself). So, the system is confluent. It is also 
immediate that every transformation reduces the size of the program, so we have 
termination. Finally, for normal programs, our system defines WFS, as shown 
in [1], Q.E.D. 

Consider again P from our basic example introduced before. As we noticed 
before, program P reduces to P3. But P3 still reduces (by RED“) to P4, which is 
as P 3 but the third clause is removed. ^From P4 we can apply a Dloop reduction 
to get P 5 : the single clause c]d^ true. P5 is the normal form of the CS 2 system. 

For this example it turns out that D-WFS is equivalent to Dl-WFS, but this 
is false in general. However for normal programs both systems are equivalent 
since they define WFS, but note that the normal forms for C5i and CS 2 are not 
necessarily the same. An advantage of CS 2 over C5i (again for normal programs) 
is that the normal form of CS 2 is polynomial-time computable (as shown in [7]), 
while computing the normal form of CSi is in general exponential (see [7]). 

We now define a very strong semantics that includes the power of comp. 
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Definition 3.9 (Dl-WFS-COMP). 

For every program P, we define DCOM P{P) := comp{dis—nor{normalcs 2 (P))) 
over Lp. We define Dl-WFS-COMP(P) as the set of pure disjunctions that are 
logical consequences of DCOMP(P). 

It is immediate to see that Dl-WFS-COMP is more powerful than Dl-WFS. 
Take for instance the program P: 
p; q ^ true. 

r ^ ^p. 
r ^ ^q. 

Then D-WFS(P) = {{p, q}, {p, q, r}} =D1-WFS(P), however, Dl-WFS- 
COMP (P) at least derives r. In this case Dl-WFS-COMP corresponds to STA- 
BLE, but this is not always true. Sometimes STABLE is inconsistent, while 
Dl-WFS-COMP is not. Consider P as: 
d; e 4— true. 

C 4— c. 
b ^ a. 
a ^ b. 
a ^ ^b, ^c. 

Note that STABLE is inconsistent while Dl-WFS-COMP is not. This is because 
DCOMP(P) is: 
d v-> ^e. 
e ^d. 
a (b V ^b). 
c ^ false. 

Due to its construction, we see that Dl-WFS-COMP is similar to STABLE. 
However, STABLE is inconsistent more often than Dl-WFS-COMP (at least for 
normal programs). 

3.2 Datalog Programs 

To obtain the semantics of a datalog disyunctive program, we first obtain the 
ground instanciation of the program and then we proceed as with propositional 
programs. For instance, the ground instanciation of program 2.6 is: 
visit-europe(john) ; visit-australia(john) . 
happy (John) v- visit-europe(john) . 
happy(john) v- visit-australia(john) . 

bankrupt (John) 4— visit-europe(john) , visit-australia(john) . 
prudent (John) 4 — ^ visit-europe(john) . 
prudent (John) 4 — ^ visit-australia(john) . 
dissappointedC John) 4^ ^ visit-europe(john) , 

^ visit-australia(john) . 

3.3 Semantics of High-Level Logic Programs 

The first step is to obtain the flattened form of every partial-order clause. Con- 
sider the following example: 
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f(X) > g(h(X)) ; f(Z) > {m(Z)} ^ 1(X). 
then its flattened form is: 

(f(X) > XI e- h(X)=X2, g(X2)=Xl ; 
f(Z) > Z1 ^ m(Z)= Z2, scons(Z2, 0, Zl)) ^ 1(X). 
where scons has its well known intended meaning, see [16]. The second step is to 
transform this formula to a disjunctive clause. With this same example, we get: 
f(X) > XI; f(Z) > Zl ^ h(X)=X2, g(X2)=Xl, 
m(Z)=Z2, scons(Z2, 0,Z1), 1(X). 

As the third step we translate the clause to its relational form. Again, using this 
example, we get: 

f>(X,Xl); f>(Z,Zl) ^ h^(X,X2), g=(X2,Xl), 
m=(Z,Z2), scons(Z2, 0, Zl), 1(X). 

These steps can easily be deflned for the general case. We suggest the reader to 
see [24] to check the details. 

The fourth step is to add axioms that relate the predicate symbols f= with 
f> for each functional symbol f. Let us consider again our example. The axioms 
for f in this case are as follows: 



(1) 


f= 


(z. 


S) 


f> 


(z, S), 


^ f 


>(z, S). 


(2) 


f> 


(Z, 


S) 


V- f> 


(Z,S1) , 


SI 


> s. 


(3) 


f> 


(Z, 


S) 


^ f> 


(Z,S1) , 


SI 


> s. 


(4) 


f> 


(Z, 


T) 










(5) 


f> 


(z,c) ^ 


l-h 

IV 

JSI 

0 


1), f>(z, 


C 2 ), 


lub(Ci,C 2 ,C) 



We understand that SI > S means that SI > S and SI yf S. And lub(Ci, (72, C) 
interprets that C is the least upper bound of Ci and € 2 - The first two clauses 
are the same (modulo notation) as in definition 4.2 in [31]. Clause (5) is not 
useful for total-order domains. It is easy to see that symmetric definitions can 
be provided for /< symbols. 

Now we need to instanciate the translated program. In this paper we restrict 
our attention to finite ground programs. By adding simple type declarations we 
can ensure to get a finite ground program. In this case, we borrow the declaration 
style of Relationlog and assume that the original program defines (as in our 
current example): 

TYPE a, b, c: el. 

PREDICATE l(el). 

FUNCTION f (onedigit) > {el}. 

FUNCTION h(onedigit) > {el}. 

FUNCTION m(onedigit) > {el}. 

FUNCTION g({el}) > {el}. 

So, with eight new constant symbols we can represent the codomain of s. There- 
fore, the definition of lub, scons and > can be given by a finite extensional 
database. Thus, we can now apply our approach as with finite propositional 
programs. 

Let us consider again the Reach program again. Assume also that we include 
its type definition as follows: 

TYPE 1,2,3: node. 
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PREDICATE edge (node, node) . 

FUNCTION r(node) ^{node}. 
r(X) > {X}. 

r(X) > r(Z) <- edge(X,Z). 

The relevant clauses of the translated program are: 

TYPE 1,2,3: node. 

PREDICATEedge(node, node), r>(node, {node}), r=(node, {node}), 
r>(node, {node}). 

PREDICATEscons(node, {node}), Iub({node}, {node}), {node} > {node}. 
r>(X,Y) <— sconsCX, 0, Y).^ 

r>(X,Z) ^ edge(X,Y),r=(Y,Z). 
r>(X,s). 

r>(Z, S) r>(Z,Sl), SI > S. 

r>(Z,S) ^ r>(Z,Sl), r>(Z,S2), Iub(Sl,S2,S) . 

r=(Z, S) ^ r>(Z, S), ^r>(Z,S). 

r>(Z, S) ^ r>(Z,Sl), SI > S. 

As alredy mentioned, the type restrictions are used to ensure that predicates 
Tub, scons and > can be defined by a finite datalog extensional database. For 
instance, for Tub we can declare: 

Iub(s, sl2, sl2). 

Iub(sl2, sl3, sl23). 

and so on. Where s represents the empty set, sl 2 represents the {1,2} set. We 
only need 8 constants to represent all our required sets. 

Now consider the following EDB respect to edge: 

EDBi = {edge(l,2). edge(3, 1).}. 

It turns out that WES defines a total model that agrees with the intended model. 
In this model r=(3, sl23) is true. STABLE as well as Dl-WFS-COMP define 
the intended model. Now, consider the following EDB: 

EDB 2 = {edge(l,2). edge(3, 1). edge(l,l).}. 

We expect to keep the same semantics and this indeed true for WFS, STABLE 
and Dl-WFS-COMP. Now consider the EDB: 

EDB 3 = {edge(l,2). edge(3,l). edge(2, 1).}. 

WFS defines most of the atoms as undefined and the stable semantics is incon- 
sistent. However Dl-WFS-COMP defines only one model, which is the intended 
model. Assume that we write rc for r>, re for r=, and rns for r>. Then, some 
rules that DCOMP produce of the above program are: 

rc(l,al) . 
rc ( 2 , a 2 ) . 
rc (3 , a3) . 

re(l,al) < — > (-rns ( 1 , al) ) . 
re( 2 ,a 2 ) < — > (-rns( 2 ,a 2 )) . 
re(3,a3) < — > (-rns(3,a3)) . 

rc(2,al) < — > ((re(l,al)) | (re(2,al)) | (rns(2,al))) . 

^ To get rid of the set-constructor that has a variable as an argument in r>(X, {X}). 
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rc(3,al) < — > ((re(l,al)) | (re(3,al)) | (rns(3,al))) . 
rc(l,a2) < — > ((re(l,a2)) j (re(2,a2)) j (rns (1 , a2) ) ) . 
rc(2,al2) < — > ((re(l,al2)) | (re(2,al2)) | (rc(2,al)) | (rc(2,al))) . 
re(2,al) < — > (-rns(2,al) & rc(2,al)). 

rc(3,al3) < — > ((re(3,al3)) | (rns(3,al3)) | (rc(3,al)) | (rc(3,al))) . 
re(3,al) < — > (-rns(3,al) & rc(3,al)). 

rc(l,al2) < — > ((re(l,al2)) I (re(2,al2)) I (rc(l,a2)) I (rc(l,a2))) . 
re(l,a2) < — > (-rns(l,a2) & rc(l,a2)). 

Our program has only one model, which is the intended model. 

We computed the semantics all our examples by hand and also by using 
several programs that our students have written as well as the theorem prover 
OTTER. 

4 Conclusion 

We presented our notion of high-level logic programming. It includes standard 
logic programming plus disjunctions, sets and partial-order clauses. We present- 
ed several and different challenging problems considered in the literature. Our 
approach defines the intended meaning of each of them. Our paradigm combines 
several ideas from our earlier work and it seems promising. Future research is 
required to fully understand it. 
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Abstract. In this paper we will investigate the novel concept of clausal 
deductive databases (cd-databases), which are special normal deductive 
databases - i.e. deductive databases which may contain default negation 
in rule bodies - over a meta-language with a fixed set of predicate 
symbols, namely dis, con, and some built-in predicate symbols. The 
arguments of the literals in are given by disjunctive and conjunctive 
clauses of a basic first-order language C (which are considered as terms in 
On the other hand, disjunctive deductive databases (dd-databases) 
extend normal deductive databases by allowing for disjunctions (rather 
than just single atoms or literals) in rule heads - next to default negation 
in rule bodies. 

We will present an embedding of dd-databases into cd-databases: a dd- 
database V is transformed into a cd-database , which talks about the 
clauses of - rather than just the literals. Thus, cd-databases provide 
a flexible framework for declaratively specifying the semantics of dd- 
databases. We can fix a standard control strategy, e.g. stable model or 
well-founded semantics, and vary the logical description for specify- 
ing different semantics. The transformed database usually consists of 
a part 2?® which naturally expresses the rules of V, and two generic parts 
which are independent of V: specifies logical inference rules like 

resolution and subsumption, and specifies non-monotonic inference 
rules like closed-world-assumptions . 

In particular we will show that the hyperresolution consequence operator 
Tf, for dd-databases without default negation can be expressed as a 
standard consequence operator Tpcd , for a suitable transformed database 
where = jjcwa _ 0 Jd-databases with default negation 

we can show that the semantics of stable models can be characterized 
by adding suitable sets and Moreover, we will define a new 

semantics for dd-databases which we will call stable state semantics; it 
is based on Herbrand states rather than Herbrand interpretations. 
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1 Introduction 

In the last twenty years the concept of relational databases has been extended in 
various ways, e.g. to deductive databases, object-oriented databases, and active 
databases [17,25]. Deductive databases [2] provide a very powerful formalism for 
representing knowledge in the form of facts - which correspond to the tuples 
in a relational database - and different forms of inference rules. The semantic- 
s of normal deductive databases with rules that may contain default negation 
in rule bodies, is well-understood, and it is defined using special concepts of 
non-monotonic reasoning. The most prominent approaches are the stable model 
semantics [8] and the well-founded semantics [24]. Disjunctive deductive databas- 
es [11] allow for disjunctions - rather than just single atoms or literals - in rule 
heads, next to default negation in rule bodies; thus it becomes possible to specify 
knowledge with uncertain conclusions. For disjunctive deductive databases, the 
situation is much more complicated; there exist various generalizations of the 
stable model semantics [16,5] and the well-founded semantics [11,1], including 
some semantics dealing with three or more truth values^. 

In this paper we will investigate the novel concept of clausal deductive data- 
bases, which are special normal deductive databases over a meta-language 
with a small set of predicate symbols which are talking about the clauses of a 
basic first-order language C. E.g., the following inference rule is an allowed rule: 

r = dis{Xd) ^ complement{Xd, Xc) A not con{Xc). 

The arguments of the so-called cd-atoms dis{Xd) and con{Xc) can be arbi- 
trary disjunctive or conjunctive formulas Xd,Xc € C, respectively. In addition, 
there are so-called bi-atoms, e.g. complement{Xd, Xc), subsumes{Xd, Xf) or 
resolvent{Xi, X 2 , Xd), with special built-in predicate symbols with a fixed, nat- 
ural interpretation known from predicate logic. The rule r above represents a 
closed-world-assumption for inferring knowledge (the disjunction Xd) in the 
absence of the complementary knowledge (the conjunction Xc)'^. 

CD-databases provide a flexible framework for specifying semantics of dd- 
databases in a declarative way. It is based on the idea of transforming a dd- 
database V into a cd-database , the cd -transformation of T>, and then defin- 
ing the (disjunctive) semantics of D based on a well-understood (normal) se- 
mantics for We will show that the (disjunctive) stable model semantics of 
D can be characterized by simply using the (normal) stable model semantics of 

. In a more refined approach we will use a special fixpoint condition based 
on for defining a new semantics, called stable state semantics, which is able 
to give plausible interpretations for dd-databases for which standard semantics 
(e.g. stable or partial stable models) are inconsistent, i.e. do not provide any 
interpretations. 

For some extensions of deductive databases without default negation we will 
show that it is possible to use the principle of reasoning known from the defi- 
nite consequence operator Tp, as given by Lloyd [10]. We will define a generic 

^ true, false, undefined, overdefined, etc. 

^ possible instantiations could be Xd = “'p(o) V -^q{b) and Xc = p(a) A q{b) 
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consequence operator T^’~ : 2'^ ^ 2'^ that is parameterized with a natural 
transformation, which maps D to a definite deductive database D®, and with a 
subsumption relation >. We will prove that T^'~ is monotonic and continuous 
on the lattice (2‘^, C ). Then the disjunctive hyperresolution consequence opera- 
tor : 2-°™ — > 2^™ of Minker and Rajasekar [13] for dd-databases V with- 
out default negation - whose disjunctive Herbrand base is denoted by Dhbxi - is 
formulated as a definite consequence operator T^’~ for T = {dis{a)\a G Dhb-o}- 
The transformation D® can be extended for the case of dd-databases with de- 
fault negation by adding a definite representation of the logical axioms for binary 
resolution and subsumption and by adding suitable closed-world-assumptions , 
cf. Reiter [18]. 

The advantage of transforming a disjunctive deductive database T> into a 
normal deductive database is that it becomes possible to use standard tech- 
niques for defining a semantics and standard tools for evaluating a database 
under this semantics [4, 15, 19, 23, 26]. In a first, prototypical implementation we 
have used the system Smodels developed by Niemela [15], which can compute 
well-founded and stable model semantics for normal deductive databases. 

Also other semantics of disjunctive deductive databases have been character- 
ized or computed based on transformations. E.g., Brass and Dix [1] have used 
partial evaluation for defining their disjunctive well-founded semantics] Seipel et 
al. [21] have used the tu -transformation for characterizing partial stable models] 
Fernandez et al. [6] and Seipel [22] have used the evidential transformation for 
characterizing total stable models, and evidential stable models, respectively. 

The rest of the paper is organized as follows: In Section 2 we present the 
syntax of dd-databases and the stable model semantics. In Section 3 we define 
the syntax of cd-databases, and we also define clausal Herbrand interpretations 
for dd-databases. In Section 4 we develop the generic Tp-operator, and we 
show how the disjunctive consequence operator can be formulated. Section 5 
deals with a characterization of the stable models semantics using clausal logic 
programming, and a generalization that is called stable state semantics. 



2 Basic Definitions and Notations 

2.1 Syntax of Disjunctive Deductive Databases 

Given a first order language C, a disjunctive deductive database (dd-database) 
V consists of logical inference rules of the form 

r = Al V . . . V Afc ^ Ri A . . . A Bm A not Ci A . . . A not C„, (1) 

where Ai, i G ( 1, fc), Bi, i G ( 1, m), and Ci, i G ( 1, n), are atoms in the language 
C, k,m,n G INq, and not is the negation-by-default operator.^ The set of all 

® By IN+ we denote the set { 1,2,3, ... } of positive natural numbers, whereas INq 
denotes the set {0,1,2,...} of all natural numbers, (n, m) denotes the interval 
{ n, n -b 1, . . . , m } of natural numbers. 
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ground instances of the rules in T> is denoted by gnd (T>) . A rule is called a fact 
if m = n = 0, and it is called a denial rule if A: = 0. A rule (or database) is 
called positive-disjunctive if it does not contain default negation (i.e. n = 0). 
It is called normal if fc = 1, and definite if A: = 1 and n = 0. A rule r of the 
form (1) above is denoted for short as 

r = Of <— /3 A not - 7, 

where a = Ai V . . . V Ak, = Bi A . . . A Bm, and 7 = Ci V . . . V Cn-'^ a is called 
the head of r, j3 is called the positive body, and not- 7 is called the negative body 
of r. 

The Herbrand base Hbx> of a dd~database T> contains all ground atoms over 
the language of T>, and Hlx) = Hbx> U { \ A G Hbx> } contains all literals 

over Hbx>. The semantics of dd-databases will be based on a set of ground 
disjunctions, a so-called Herbrand state, or a set of Herbrand interpretations. 

1. The disjunctive, the negative, the general, and the conjunctive Herbrand 
base of T> are given by Dhb-d, Nhb-u, Ghbti, and Chbx>, respectively: 

Dhbx> — { A\ V ... V A}^ I Aj G HB-[y, for iG (1,A:), A:G INq }? 

Nhbx> = { -lAi V ... V “lAfc I Ai G Hbd, for i G {1, k) , k G INq }, 

Ghbx> — { L\ V ... V T/j, I Li G Hlx>, for i €: {^, k) , k €: INg }, 

Ghbj) — { L\ a . , . a L}i, \ Li G Hlx> , for i G (1,A:), k G INq }■ 

2. An Herbrand state is a set S of formulas. It is called disjunctive, negative, 
general and conjunctive, if S' C Dhbx>, S C Nhbx>, S C Ghbd, and S C 
Ghbt>. respectively. 

We will sometimes also write Hbc, Hlc, Dhbc, Nhbc, Ghbc, and Ghbc, if we 
are interested in the language C rather than the database T>. Disjunctions and 
conjunctions will be treated like sets of literals. Thus, we will identify a dis- 
junction Li V . . . V Lfe G Ghbxi with its permutations T,r(i) V ... V L^(j^y The 
empty disjunction (conjunction) with k = 0 literals will be denoted by 
(□c). Note that Dd is an element of all of Dhbxi, Nhbxi, and Ghbxi, and that 
□c is an element of Ghbt>. Note also that singleton disjunctions or conjunc- 
tions with A: = 1 literals are identified with literals; as a consequence we get 
Ghbxi n Ghbx) = Hld. The common subsumption relation for ground disjunc- 
tions a = Li V . . . V L„ G Ghb-e), a' = Tj V . . . V L'^ G Ghb-o, is defined by 
a > a' iff { Li, . . . , Ln} C {L[, ... , L'^ }. The canonical form of a general Her- 
brand state S C Ghbx> is defined as the set can\y{S) of minimal elements of S 
w.r.t. subsumption, and the expanded form of S is defined as the set expj^(S) of 
all a G Ghbd that are subsumed by some a' G S: 

can^{S) = { a G S' I '^ol G S : yf a, > a }, 

ea;p|>(S) = { a G Ghbd \ 3a' G S : a' \> a}. 

^ Note that 7 is a disjunction, and, according to De Morgan’s law, not - 7 is taken to 
be a conjunction. 
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Obviously, it holds con>(S') CSC expj^{S). For a literal L e Hlt> we define the 
formal complement ^ ■ L = -<A, \i L = A £ Hbxi is an atom, and ^ ■ L = A, A 
L = -^A G Hlx> is a negated atom. For a general disjunction a = Li V . . . V G 
Ghb-d we define the conjunction 



■ Oi = ^ ■ (Fi V ... V Ljf) = ^ • Li A . . . A ^ • Lfc G Chbd 

to be the formal complement of a according to the De Morgan pattern, and 
likewise we define ^ ^ • Li V . . . V ^ for /? = Li A . . . A Lfc G Chbx>. 



2.2 Stable Model Semantics 

An Herhrand interpretation of a dd-database V is given by a subset / C Hbx>. 
It defines a mapping I: Hb-u { t, f } assigning a truth value “t” (true) or “f’ 
(false) to each A G Hbt>. 1(A) = t44>AG/. ® / satisfies of a ground rule 
r = Of <— /3 A not • 7 if 



I((3) A I(not- 7 ) = t 1(a) = t, 

where I (not - 7 ) = -<I('j). I is an Herhrand model of D if / satisfies all ground 
instances r G gnd (V) of the rules of T>. I is a, minimal model of D if / is 
an Herbrand model of T> and there is no other Herbrand model J of D such 
that J C I. The set of all minimal models of T> is denoted by A4M2(H>)- For 
positive-disjunctive deductive databases T> the semantics is given by MM^ifD). 

The semantics of dd~databases in general is defined based on a more general 
class of Herbrand models, the stable models. These are defined in terms of the 
minimal models M of the Gelfond-Lifschitz transformation (GL-transformation, 
[8, 16]) of T>, which is a special ground positive-disjunctive database derived 
from those rules of gnd (T>) whose negative body is true in M (i.e. Ci ^ M, for 
all Ci in not - 7 = not Ci A . . . A not Cn). 

Definition 2.1 (Stable Models, [8,16]). 

Let M be a Herbrand interpretation of a disjunctive deductive database T>. 

1. The GL-transformation of V w.r.t. M is 

T>^ = { a ^ (3 \ there exists a ^ (3 f\ not - 7 G gnd (V), 
such that M(not- 7 ) = t }. 

2. M is called stable model of D if M G MM 2 ('D^)- The set of all stable models 
of V is denoted by Stabc£ 2 (T>). 

® For Ai G Hb-d, i G ( 1, fc), and a connective © G { V, A} we define /( Ai ©. . .© Aj, ) = 
I(A\) © ... © I(Ak). For k — 0, the empty disjunction Dd (i.e. © = V) evaluates to 
/(□d) = f, whereas the empty conjunction Dc (i.e. © = A) evaluates to /(Dc) = t. 
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Example 2.1. For the dd-database 

Ewin = { win{X) ^ move{X,Y) A not win{Y) } U S', 

S={ move{a,b)y move{a,c), move{b,d), move{c,d) }, 

we get a set with two stable models, which coincide on the subset / of atoms: 

STABCS 2 {'Dujin) = { { move{a, b)}U I, { move{a, c) } U / }, 

/ = { move{b,d), move{c,d), win{b), win{c) }. 

For M = { move{a,b) } U / we get that M{not win{y)) = t iff y G {a,d}, and 
thus we get M e MM 2 (P^in) for the GL-transformation 

T^win = { win{x) ^ move{x,y) \ x G {a,b,c,d}, y G {a,d} } U S. 

All of the atoms in I and the disjunction move{a, b)\J move{a, c) are consequences 
of 'Dwin under the stable model semantics. 

3 Clausal Deductive Databases 

In the context of default negation and disjunction one can generalize the notion 
of a (total) Herbrand interpretation in two ways. 

Firstly, one can allow for a third truth value “u” (undefined), which leads 
to partial Herbrand interpretations I: Hbd { t, f, u }. If a semantics is given 
by a set I of partial Herbrand interpretations, then a general Herbrand state 
S C Ghbx) containing all disjunctive consequences a G Ghbx> that hold in all 
I £ I can be assigned to T>. Partial Herbrand interpretations have been used 
by Przymusinski, cf. [16], who generalized the concept of stable model to partial 
stable models. There exists a characterization of the partial stable models of a 
disjunctive deductive database V in terms of the stable models of a naturally 
transformed database cf. [21]. 

Secondly, a semantics can also be given by a set S of so-called clausal Her- 
brand interpretations, which are special general Herbrand states, without refer- 
ing to total or partial Herbrand interpretations at all. In this paper we will 
introduce the new concept of a clausal deductive databases, which are special 
normal deductive databases over a restricted set of predicate symbols. In Sec- 
tion 5, we will transform a dd-database T> into a corresponding cd-database 
and then derive the clausal Herbrand models of T> by simply applying the 
standard stable model semantics to . 



3.1 Partial and Clausal Herbrand Interpretations 

A partial Herbrand interpretation of a disjunctive deductive database T> is given 
by a subset I C Hlx> , such that I does not contain both an atom A G Hbx> and 
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its negation ~^A, i.e. I n = 0. It defines a mapping I: Hbd { t,f, u } on 
ground atoms by 

ft, iff yl e / 

I{A) = <^ f, iff G / 

[ u, otherwise. 

If for each atom A G Hbx>, I contains either A or ^A, then I defines a total 
Herbrand interpretation or Herbrand interpretation for short. In this case, it is 
sufficient to represent / by its set of true atoms (since there are no undefined 
atoms), which we did in Section 2. The truth values of disjunctions a G Ghbx> and 
conjunctions fd G Cke-p are defined based on the Boolean operations “V”, “A” 
and in three-valued logic, which are given in Figure 1. The truth ordering 
on the three truth values is given by f <t u <t t. 
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Fig. 1. Boolean operations in three-valued logic 



A clausal Herbrand interpretation is given by a general Herbrand state S C 
Ghbx) that is closed under binary resolution and subsumption. Obviously, we 
can abbreviate a clausal Herbrand interpretation S simply by its set can>(5') of 
minimal elements w.r.t. subsumption. If cani>(S') C Hlx>, then we can consider 
S' as a partial Herbrand interpretation I = can^{S) of T>. Conversely, a par- 
tial Herbrand interpretation / can be considered as a special clausal Herbrand 
interpretation exp^{I). Every set S of clausal (or partial) Herbrand interpre- 
tations defines a cFausal Herbrand interpretation S'^ = Cgg^S C Ghbd, where 

= Ghb-d, if S = 0 

The semantics of a disjunctive deductive database V will be given by a set 
S of clausal Herbrand interpretations, and a formula a is a consequence under 
S if a G S^. 



3.2 Syntax of Clausal Deductive Databases 

Consider a first order language C and the set Lite of all literals that can be 
built in the language C. Additionally, consider a set V of variable symbols for 
formulas. Disjunctive (conjunctive) formulas are defined inductively: every atom 
A G Lite and every A G V is both a disjunctive and a conjunctive formula, 
and, if ti, . . . ,tn are disjunctive (conjunctive) formulas, then so is V . . . V 
(tl A . . . A tn). 

A cd-atom is given by disftd) or con(tc), where td is a disjunctive formula 
and tc is a conjunctive formula. If Xd, X'^, X'f are disjunctive formulas, and 
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XctX'^,X” are conjunctive formulas, and X G Lite U V, then the following are 
built-in atoms (bi-atoms): 

positive{Xd), negative(Xd), 

subsumes{Xd, X'd), resolvent{Xd, X'd, X'd), empty -dis{Xd), 
conjunction{Xc, X'^, X”), empty .con {Xc), 
literal{X), complement{Xd, Xc). 

A clausal deductive database (cd-database) C consists of cd-rules of the form 

r = A <— Si A . . . A Bm A not Ci A . . . A not Cn, ( 2 ) 

where A is a cd-atom, and the Bi, i G ( 1 , m), and C\, i G ( 1 , n), are cd-atoms 
or bi-atoms, and not is the negation-by-default operator. A cd-rule is called a 
cd-fact if m = n = 0 . For example, the following is a cd-rule: 

dis{X'd V -ip(y, a)) ^ 

dis{Xd V q{c)) A subsumes{Xd, X'd) A 

complement {Xd, Xc A ~^q{d)) A not con{Xc A -'qid)) A 

not liter al{Xc) ■ 

Built-in predicate symbols are not allowed in rule heads, although built-in pred- 
icates could of course be defined by logical rules as well. For simplicity reasons, 
however, we assume that their definition is given by a standard built-in Herbrand 
interpretation 

= { positive(a) \ a G Dhbc } U { negative{a) \ a G Nhbc } U 

{ literal{'-f) \ j G Hbc } U { complement{a, -> • a) \ a G Ghbc } U 
{ empty .dis{Od) } U { empty .con{G\c) } U 
{ subsumes{a\, a2) \ ai,a2 G Ghbc, oi > «2 } U 
{ resolvent{A V ai, ~^A V a2> ai V 02) | A G Hbc, oi, 02 G Ghbc } U 
{ conjunction{f3i, (32, Pi A P2) \ Pi,P2 & Ghbc }■ 

The built-in predicate symbols conjunction and resolvent are not really neces- 
sary in cd-databases, since they can be replaced using the junctors “A” and “V”, 
respectively. However, it will be very convenient to have them. 

The ground instance gnd (C) of a cd-database C is obtained replacing all 
variable symbols for formulas by ground formulas from Ghbc U Ghbc and by also 
grounding the literals from Lite in C, such that the resulting rules are proper cd- 
rules.® For a general Herbrand state S C GHBe we define dis{S) = { dis{a) \ a G 
S } and con{S) = { con{Li A ... A Lk) \ Li G S D Hbe, for i G k G INq }. 

Note that con(Dc) G con{S). Finally, = dis{S) U con{S) U le denotes the 
total Herbrand interpretation of C that is derived from S. 



This implies that the obvious typing condition for variable symbols for formulas 
must be obeyed. 
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4 Clausal Deductive Databases Without Default 
Negation 

The idea of clausal logic programming without default negation will be based 
on the observation that the disjunctive hyperresolution consequence operator, 
which has been defined by Minker and Rajasekar [13] for positive-disjunctive d- 
eductive databases T>, can be formulated using a generic definite hyperresolution 
consequence operator which is parameterized with a suitable subsump- 

tion relation. Thus reasoning with disjunctive hyperresolution can be reduced to 
reasoning with definite hyperresolution on a suitable domain. For hypothetical 
and for probabilistic deductive databases, cf. [3,25], the generic operator T^'- 
can be used, too, which will be shown in another paper. 

We will consider the following definition^ of the disjunctive hyperresolution 
consequence operator 7^ : 2-°™ ^ 2^™ : 

r^(S') = {aVaiV...Va,„e Dhbv \ 

there exists a rule a <— i?i A . . . A Bm € gnd {V ) , 
such that { V ai , . . . , V am } C S' }. 

Minker and Rajasekar [13] have shown that T-^ is monotonic and continuous 
on the complete lattice® (2^™ > In [20], has been related to the model- 
generation operator of Fernandez and Minker [7], and it was shown that the 
latter is monotonic but not continuous. 



4.1 The Generic 7x> Operator 

Consider a deductive database V without default negation (e.g. a positive- 
disjunctive, probabilistic or hypothetical deductive database, cf. [20,25,3]), and 
a partial ordering O-u = {X,>) that is assigned to T>. The generic 7p-operator 

: 2 -^ ^ 2 -^ 

is based on a transformation “©” and the subsumption relation “>” of Ov- 
Firstly, T> is transformed, such that gnd (D®) consists of definite ground rules 
a <— (3i A . . . A Pm, where { a, Pi, . . . , Pm } C X. Secondly, a set Q X 
is expanded to a set exp^{X) = { a & X \ 3 a' & X : a' > a } C X , cf. 
Subsection 2.1. Then the ^-operator induced by (©, >) is 

T.^'-{X) = { a € X \ there exists a ^ Pi A ... A Pm € gnd (D®), 
such that { Pi, . . . , Pm} C exp^{X) }. 

^ It is equivalent to the definition of [13]. Since disjunctions are considered as sets of 
atoms, it is not necessary to work with smallest factors. 

® For a definition of monotonic and continuous operators T and complete lattices 
see Lloyd [10]. Continuity ensures that fixpoint iteration terminates with the least 
fixpoint of T within at most u> steps. 
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Theorem 4.1 (Properties of the Generic Tp Operator). 

The operator 7^’- : 2"^ — > 2"^ is monotonic and continuous on the complete 
lattice (2"^, C ). 

The proof is given in the appendix. The properties of fixpoint iteration with 
subsumption have also been analysed in [9] with special interest in the process 
of differential fixpoint iteration. 

4.2 Positive Disjunctive Deductive Databases 

For positive-disjunctive deductive databases T> we consider X = dis(DHBxi), and 
we will present two natural ways for formulating the disjunctive consequence op- 
erator 7^ as a generic Tp-operator. This gives an alternative proof that 7^ is 
monotonic and continuous. Moreover, in the next section the second transfor- 
mation will be extended to dd-databases with default negation. 



Transformation 1. The first approach uses the built-in predicate subsumes: 

= { dis{X) ^ dis{B\ V X) A ... A dis{Bm V X) A subsumes{a, X) \ 
there exists a ^ Bi A . . . A B^ G 1? } U , 

where G V is a variable symbol for formulas, and the common concept of 
subsumption for ground disjunctions a, a' G Dhbx> is used, i.e. a > a' iff a>a'. 
Then the Ti^-operator on disjunctive Herbrand states S can be characterized 
using the generic 7p-operator and the expansion for disjunctive Herbrand states: 

T^’-{dis{S) U 7^*) = dis{exp^{T.^{S))) U 

Example 4-1- For 7? = {aV6<— c, cVdjwe get 

I?® = { dis{X) ^ dis{c V X) A subsumes{a V b, X), 
dis{X) ^ subsumes{c\/ d, X) } U 7p. 

The rule dis{X) ^ dis{Bi V X) A subsumes{a, X) that is derived from aV b ^ c 
has one disjunction B\\/ X in its body, which extends Hi = c by some disjunction 
X that must be subsumed by a = a V 6. In a fixpoint iteration with T^'~, first 
the fact dis{c\/ d) is derived (amoung other facts). In the second iteration, using 
the ground instance dzs(a V bV d) ^ dis{c\J aVby d) A subsumes{a\J b,a\J bV d), 
which is obtained for = aVbV d, and the fact dis{cVd), it is possible to derive 
the fact dis{aV by d), since cy d>cy ay by d and subsumes{ay b, ay by d) G I^. 

Transformation 2. Another way of transforming a positive-disjunctive deduc- 
tive database T> is 

I?® = { dis{a V Ai V ... V Xm) ^ dis{B\ V Ai) A ... A dis{Bm V Xm) \ 
there exists a ^ Hi A ... A H^ G H }, 
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with variable symbols Xi G V {i G IN+) for formulas. If subsumption “>” for 
ground disjunctions a, a' G Dhbx> is defined as identity (where disjunctions are 
treated as sets), i.e. a > a' iff a = a' , then the disjunctive consequence operator 
on disjunctive Her brand states S coincides with the generic Tp-operator: 

Example J^.2. For D = {aV6<— c, cVdjwe get 

D® = { dis(a \l bV Xi) ^ dis{c V Xi), dis{c V d) }. 

In a fixpoint iteration with T^'~, first the fact dis{c\/d) is derived. In the second 
iteration, using the ground instance dis{a \/ b\/ d) ^ dis{c V d) of the first rule 
(obtained for Xi = d) and the fact dis{c V d), it is possible to derive the fact 
dis{a \/ bV d). 



5 Clausal Deductive Databases with Default Negation 

We will transform a disjunctive deductive database T> into a corresponding 
clausal deductive database V'^'^ = D® U U U /|(, which we call the 

cd -transformation oiV. It consists of four parts: a set 

D® = { dis{a V Xi V ... V Xm) ^ 

dis{Bi V Xi) A . . . dis{Bm V Xm) A 
not con(Ci) A ... A not con{Cn) \ 
there exists a ^ Hi A ... A Bm A not Ci A . . . A not C„ G D }, 

of rules obtained from V (by extending Transformation 2 of Section 4.2), with 
variable symbols Xi G V (i G IN_|_) for formulas, a set of logical rules for 

relating the predicate symbols dis and con, a set } with a closed- 

world-assumption, and the built-in interpretation /^ . The cd~facts in and 
the cd-rules in U are generic; they depend only on the Herbrand 

base Hbx), and not on the structure of the rules of T>. 

We will prove that the stable models of the cd-transformation correspond 

to the stable models of T>. Thus, we have shown a very natural way of computing 
the stable models of a disjunctive deductive database T> based on the stable 
models of a normal deductive database . Furthermore, we will extend the set 
StabcS 2 {'D) to a set SrABCScdiB) of so-called stable states, which are clausal 
Herbrand interpretations of V that are derived using a special fixpoint condition 
for Stable states form a useful new semantics for dd-databases, which is 
different from the stable model semantics. In contrast, the well-founded model 
Iwfs of which is the least partial stable model in the knowledge ordering, is 
not suitable for defining a state semantics. 
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5.1 The Generic Rules 

The following cd~rules represent closed-world-assumptions; they allow for deriv- 
ing certain disjunctions if their complemantary conjunctions cannot be derived: 



= dis{Xd) ^ 

negative(Xd) A complement{Xd, Xc) A not con(Xc), 

= dis{Xd) ^ 

positive{Xd) A complement{Xd, Xc) A not con{Xc), 
rlZ = dis{Xd) ^ 

complement{Xd, Xc) A not con{Xc). 

In we will only use the rule for deriving negative disjunctions a G Nhbxi ■ 
In a more general framework for extended-disjunctive deductive databases ([14]) 
one could as well derive positive or general disjunctions by a closed-world- 
assumption. 

The following axiomatic clauses in the set 

'Tslogic _ r logic logic logic logic logic l 
I res 1 sub ’ ' con J ’ lit > ' emp S 

describe the correlation between the atoms for disjunctions and conjunctions: 
rilT = dis{Xd) ^ 

dis{X'd) A dis{X'd) A resolvent{X'd, X'd, Xd), 

= dis{Xd) ^ 

dis{X'd) A subsumes{Xd, Xd) , 



= con{Xc) ^ 

con{X'c) A con{X'c) A conjunction{X'c, X”, Xc), 

= con{Xc) ^ 

literal{Xc) A dis{Xc), 

riZ; = con{Xc) ^ 

empty -Con{Xc). 

5.2 Two Valued Aualysis of 

We want to investigate the total Herbrand models / of the clausal deductive 
database Since / is total, it must assign one of the truth values t or f to 
each of the atoms dis{a) and con{f3), for a G Ghbd, (3 G Chbd - in particu- 
lar for literals A,-^A G Hlx>- Due to the subsumption rule it must hold 

I{ai V 02 ) = 4(ai) V I{a 2 ), for all 01,02 G Ghbx>. If I{dis{Od)) = t, then we 
define 7® = J^, where {A) = T, for all A G Hbxi, with a fourth truth value 
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T {overdefined) denoting inconsistency . is considered as a special total Her- 

brand interpretation of T>, where all atoms A are both true and false, and where 
J^(Dd) = t. If I{dis{Oj^)) = f, then / can be represented by an (ordinary) total 
Herbrand interpretation J® of T>, where 

7® (A) = I{dis{A)), for all A gHbv 

Conversely, a total Herbrand interpretation J of 7? defines an Herbrand inter- 
pretation J® of by 

J® {dis{a)) = J{a), for all a € Ghbx>, 

J^{con{/3)) = J{f3), for all /? G Chbv 

For a total Herbrand model I of it holds (7®)® = 7, and for a total Herbrand 
model J of T>, it holds (J®)® = J. A set 2 of total Herbrand models of can 
be represented by the set X® = { 7® | 7 G X } of Herbrand interpretations of T>. 

Theorem 5.1 (Characterization of Stable Models). 

Given a disjunctive deductive database T>, then it holds 

StabcS 2 {V^’^)'^ = StabcE 2 {'D) U j, where J = tb or J = {J^ }. 

The proof is given in the appendix. It would be possible to forbid (J^)® as a 
stable model of 7?'^'^ by adding one of the following rules to 7?'^'': 

r^cons = dis{cT) ^ 

dis{Xd) A empty jiis{Xd) A not dis{c-j), 
rilnf = ^ dis{Xd) A empty jdis{Xd). 

Ct is a new constant symbol for formulas that does not unify with any a G Ghbx> ■ 
^ams is a cd-rule, and is an equivalent denial rule, which is easier to 

understand, but is no cd~rule. 



5.3 Three Valued Analysis of 

In the following we will investigate the effects of the propagation rules 
and for disjunctions and conjunctions, respectively, and the closed-world- 
assumption in three-valued logic. We will see that the well-founded model 
Iwfs of the normal deductive database 7?'^'^ is not appropriate for designing a 
useful state semantics. Likewise, also the partial stable models of are not 
useful, since the well-founded model I^fs is the least partial stable model of 7?'^'^ 
in the knowledge-ordering®. 

® i.e. I„fs exactly is the set of consequences under the semantics of partial stable models 
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The Conjunction Rule Due to the partial stable models I exhibit 

the following behaviour for conjunctions P = Li A . . . A Lk G Chbx>'- 

I{con{P)) >t u 4=^ ( Vi G ( 1, fc) : I{con{Li)) >t u ). 

supports dis{^-Li V ... V ~-Lk), if I{con{P)) = f. In this case I{con{Li)) = f 
must hold for some i G ( 1 , A:), i.e. also supports dis{~^Li). In a state-based 
semantics it should be possible that the closed-world-assumption can support 
a negative disjunction dis{-<Ai V -1GI2) without supporting one of dis{-<Ai) and 
dis{-^A 2 ). For three-valued models I, such a behaviour is impossible. 

Example 5.1. The stable states semantics of I? = {a <— noth, b ^ not a} will be 
given by the three clausal Herbrand interpretations = { a, ^6 }, S'2 = { “'O, b }, 
and S3 = {-lO V ^ 6 }. S3 corresponds to the partial Herbrand interpretation 
I = S'g'^ of where dis{-^a V ^ 6 ) is derived since con{a A b) cannot be derived. 



The Resolution Rule has the following consequence for disjunc- 

tions 01,02 G Ghbx) and atoms A G Hbz>: 

If oi Vo2 is the binary resolvent of two disjunctions HVoi, ^HVo2, such 
that I(dis(AV ai)) >t u, I(dis(^AV 02)) >t u, then /(<izs(oi V02)) >t u. 

This is undesirable and unituitive since it could be the case that I{dis{A)) = u, 
and it does not make sense to resolve on undefined atoms. 

Example 5.2. The stable state semantics oi V = { a ^ not a, b ^ c} will be 
given by the clausal Herbrand interpretation S' = { ~^b, -<c } corresponding to the 
partial Herbrand interpretation I = S^ of V'^'^ . Here I{dis{a)) = I{dis{aV b)) = 
I{dis{-^a V c)) = u, but for the resolvent we get I{dis{b V c)) = f. 



5.4 Stable State Semantics 

Stable states are clausal Herbrand interpretations S' of a dd-database T> that 
are defined by a special fixpoint condition dct(Jcu(S‘^'')) = S'^'^ in terms of the 
Ic-operators [ 18 ] for the cd-transformation C* = and a variant of . 

Definition 5.1 (Stable States). 

Given a cd-database C and a dd-database T>. 

1 . The (unique) minimal model of the GL-transformation of C w.r.t. a total 
Herbrand interpretation I C Hbc of C is denoted by Ec{I). 

dis{-^Al V —'A2) is supported, if I{con{Ai A A2)) = f. On the other hand, assuming 
that dis{-^A-|_) and dis{~^A2) are not supported, it must hold l{con{Ai)) >t u, for 
i = 1, 2, which implies I{con{Ai A A2)) >t u, and contradicts I{con{Ai A A2)) = f. 
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2. A clausal Her brand interpretation S' of D is called a stable state of T> if for 
the total Herbrand interpretation / = of the cd-databases 

C* = / U \ { } 

it holds rct{rc<i{I)) = I. The set of all stable states of T> is denoted by 

Stabcs cd (T’)- 

Stable models / of C* = are characterized by Tct(/) = I. In the following 
we will represent clausal Herbrand interpretations (and thus stable states) S by 
their canonical form cani> (S) . As a consequence of Theorem 5.1, for a disjunctive 
deductive database T>, the representation of a stable model of D as a partial 
Herbrand interpretation J C Hlxi is a stable state of T>. 

Theorem 5.2 (Stable States). 

Given a disjunctive deductive database T>, then it hols 

StABCS2 {T>) C STABCEcd{T^)- 

This shows that the semantics of stable states is at most as strong as the seman- 
tics of stable models, i.e. SrABCScd{T^)^ C SrABCS 2 {'D)^ . The following Exam- 
ple 5.3 will give some dd-databases {T> 2 , V 4 , V^) where it is strictly weaker. 

For many prototypical databases which have been investigated frequently in lit- 
erature we will compare the stable states to the stable models and - for normal 
databases - to the well-founded model. 

Example 5.3 (Stable States). 

1. For the positive-disjunctive deductive database = { a V 6 } we get 

SrABCS 2 {'Di) = STABCScdiEi) = { { a, -.6 }, {-<a, b} }. 

The intersection is STABC£cd{Ei)^ = Stabc£ 2 {T>i)^ = { a V 6, ^b}. 

2. For the normal deductive database T >2 = { a ^ not b, b ^ not a }, we get 

Stabc£2{V2) = { { a , }, { 6 } }, 

STABC£cd{'E> 2 ) = Stabc£ 2 {T> 2 ) U { { -.a V ^5 } }. 

Stab C£ cd { 3 ^ 2 )'^ = {-la V -^b}, is weaker than the state Stabc£ 2 {T> 2 )^ = 
{ a V 6, -lO V ^6 } derived from the stable models, but stronger than the 
well-founded model 0. 

3. For the normal deductive database V 3 = {a ^ not a }, which does not pos- 
sess any (total) stable model, there is unique stable state = 0, which 
is identical to the well-founded model. A similar structure may for in- 
stance become active for “a = win{x)” within the database Emn of Subsec- 
tion 2.2, if the state S contains cyclic moves “move{x, x)” , namely win{x) ^ 
move{x, x) A not win{x). 




256 Dietmar Seipel 



4. For the normal deductive database T >4 = {a ^ not b,b ^ not c, c ^ not a }, 
we get Stabc£ 2 {T> 4 ) = 0, but there is a unique stable state 

54 = { “lO V -^b, ^6 V ~<c, “la V ~<c }, 

which is weaker than the inconsistent state Stabc£ 2 {T> 4 )’^ = Ghbxi^ derived 
from the stable models, but stronger than the empty well-founded model 0. 

5. For the dd-database = V 4 LI { aVbVc} which does not possess any stable 
or partial stable models, there is a unique stable state S 5 = 54U{aV6Vc}. 

6. For the stratified-disjunctive deductive database T>q = {a ^ not 6 }, we get 
a unqiue stable state Sq = {a, ^b}, which is the unique (total) stable model 
of T>q, namely the perfect model of T>q. 

7. For both of the stratified-disjunctive deductive databases = {c ^ a, c ^ 

b, aVb} and V'^ = {c ^ not a, c ^ noth, aV6} we get (for Vy G { }) 

STABC£ 2 {'Dr) = STABC£cd{T>7) = { { o, “.6, c }, { ~<a, b, c} }. 

The intersection is Stabcs = Stabc£ 2 {T> 7 )^ = { a V 6, -la V ^6, c }. 

8. For the dd-database T>s = { a, ^ a}, which has got no Her brand models, 
there exists one stable state 5g = { Dd }, i.e. SrABCScdi'^s)'^ = Cffs-pg. 

Especially for the dd-databases T> 2 , T> 3 , V 4 , V 5 , which are inconsistent under 
stable model semantics, stable states provide a plausible, consistent semantics. 

For positive-disjunctive deductive databases the intersection STABCEcdi'D)^ 
of all stable states corresponds to the union of the minimal model state MSv and 
the extended generalized closed-world-assumption EgcwAx>, as defined by [11], 
together with all general disjunctions that can be derived from MSt> - which is 
a disjunctive Herbrand state - and EgcwAxi - which is represented as a negative 
Herbrand state - by repeated applications of binary resolution. 



6 Conclusions 

Extended-disjunctive deductive databases allow literals to occur in all places 
where atoms are possible in disjunctive deductive databases cf. [14]. Marek and 
Truszczyhski have introduced clausal logic programming, cf. [12], as a further 
extension: clausal logic programs allow for general disjunctions - rather than 
atoms - in rule bodies, next to general disjunctions in rule heads. But clausal 
logic programs do not allow for variable symbols that stand for general disjunc- 
tions in their meta-language , and the ideas of transforming disjunctive logic 
programs to clausal logic programs or relating the semantics of disjunctive logic 
programs and corresponding clausal logic programs have not been investigated. 

In a forthcoming paper we will give a characterization of the stable states 
of a disjunctive deductive database in terms of the stable models of an an- 
notated clausal deductive database by modifying the concept of the tu- 

transformation known from [21]. We will investigate the new semantics w.r.t. 
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further desirable properties, such as modularity or independence under partial 
evaluation (GPPE), and compare it with some more semantics. 

In the future we will consider the complexity issue of stable state seman- 
tics, and we will work on an efficient implementation. So far we have used the 
system Smodels developed by Niemela [15] for computing well-founded and sta- 
ble model semantics for normal deductive databases. Smodels uses a grounding 
procedure, which does not work for databases with function symbols like the 
cd-transformation 'D^'^ . Thus, we have written a new grounding procedure for 
computing the ground instance gnd if the Her brand base ifex> of T> is 

finite. For a more efficient implementation, the goal is to back transform the 
declarative approach that is working with cd-databases into a procedure that 
is directly working with dd-databases. This would allow us to use systems that 
can handle disjunctions directly, e.g. the div-system of Eiter, Leone et al. [4], or 
our system DisLOG [23] for reasoning in disjunctive deductive databases. 

In another paper we will also show how reasoning in hypothetical [3] and 
in probabilistic deductive databases [25] can be formulated easily in terms of 
a suitable generic consequence operator which gives immediate results 

about the continuity of the underlying consequence operators without requiring 
extra proofs. 
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Appendix 

Theorem 4.1 (Properties of the Generic Tp Operator) 

The operator ^ 2"^ is monotonic and continuous on the complete 

lattice (2"^, C ). 

Proof, (i) Firstly, we prove monotonicity: 

X 1 CX 2 ^ expyiXi) C exv>{X2) ^ C T®’^(X2). 

(ii) Secondly, for proving continuity, consider a directed set 3^ C 2'^ of subsets 
of X. Let X = UvgyT. Then Uy^ycxp^iY) = exp^{X). Obviously, it holds 
UvgyT^’-(F) C 7^’-(X). Conversely, if a G T^’~(X), then there must 
exist a rule a ^ (3i A ... A (3m G gnd (D®), such that { Pi, . . . , Pm} C 
expy{X). Thus, there must exist sets Yj,^, . . . ,Yj^ G y, such that Pi G 
cxp^fYjP. I.e. there exist elements P[ G Yj^, such that P( > Pi. Since y 
is directed, there must exist a set Yj„ G y, such that { P[, . . . , P’m} C Yj^. 
Thus, {Pi,...,Pm} ea;p>(y,J, and a G T^'-{YjJ C Uyey7^’-(T). 

□ 



Theorem 5.1 (Characterization of Stable Models) 

Given a disjunctive deductive database T>, then it holds 

StabcS 2 {V^’^)'^ = StabcS 2 {V) U J, where J = tb or J = {J^ }. 

Proof, (i) Consider a total model I of such that I{dis{Oj^)) = f, and con- 
sider the corresponding Herbrand interpretation 7® of T>. It is not necessary 
to deal with atoms dis(a) for non-singleton negative disjunctions a G Nhbx> 
during the fixpoint evaluation of amoung the rules (rtpfg)^ the ones in 
{ dis{-^A) ^ negative{-^A) A complement(~<A, A) \ A G Hbx>, con(A) ^ 1} 
for minimal, i.e. atomary, disjunctions ‘AA” are subsuming the others. The 
resolution rule will consume the atoms dis{^A) and produce atoms 

dis{a) over positive disjunctions a G Dhbx>. The evaluation is equivalent 
to evaluating the disjunctive deductive database together with the set 
7?' = { ^ T I T G Hbxi, con{A) ^ 7 } of denial rules, using the disjunctive 
consequence operator 7^ for 7?" = U 7?'. 

(ii) 7 yf (-/®)® is a stable model of iff it holds can^{T.^ } (jj) = { A & 
PIbx>\I'^{A) = t}, i.e. iff 7® is a minimal model , i.e. iff 7® G Stabc£ 2 {'D). 

(iii) As a consequence of (ii) we get Stabc£ 2 {'D'^^)'^ Q Stabc£ 2 {P) U { J® }. 
Every stable model J G Stabc£ 2 {'D) can be perceived as J = I'^ for the 
total Herbrand interpretation 7 = J® of 7?'^'^ . Thus, according to (ii) we get 
J G StABC£2{V^'^)‘^. 

□ 
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Abstract. We present an approach to handle unavailable data sources 
during query execution over WWW which is based on partial evalua- 
tions. Syntax of the set-theoretic query language A and some examples 
of queries are given. We define an ordinary and a lazy semantics for this 
language. Moreover, we introduce a universe of non-well-founded hered- 
itarily finite protosets and an approximation relation on this universe 
in order to compare the partial answers to a query. A theorem about 
properties of the above semantics, in particular about correctness of lazy 
semantics is formulated. 



1 Introduction 

Adequate handling of unavailable data sources is one of the problems and char- 
acteristic peculiarities of query systems for the WWW. This unavailability of 
some HTML-pages during query execution is not an exceptional situation for the 
WWW and may be caused by various reasons: wrong typing of URL-addresses 
of the required pages, very slow response time due to overloading of network 
traffic, refuse of communication channel supplied by space satellite, temporarily 
down web-server, etc. 

Typically, the query execution requires a significant amount of resources and 
a long time for answering (due to data transmission over the global net). So 
the simple resubmission of a failed query may be a very inefficient procedure. 
Some solutions to this problem but only in the relational database context were 
proposed, for example in [4] and [14]. 

Our approach consists in dividing the query answer into two parts: a computed 
part, i.e. a set of required URL-addresses, and a lazy part as a new, complemen- 
tary query. The resulting query answer, which possibly is not yet computed and 
therefore consists of two parts, may be placed again into the WWW as a new 
HTML-page for further use. Thus, we have more general view on the WWW al- 
lowing both completely computed pages and pages with secondary queries that 
may be executed later. Such “embedded” queries, which are presented immedi- 
ately in web-documents, are called virtual data in [5]. Then, a complete answer 
to a query can be composed from the already computed part and the answer 
to the secondary query, if all the necessary data sources for this query will be 
available. 
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More formally spoken we model the web by a graph with vertices represent- 
ing web-documents and edges corresponding to hyperlinks between documents. 
Moreover, all vertices in this graph are partioned into two classes: active vertices 
which represent web-documents that are both available for viewing through some 
web-browser and completely computed, i.e. with an “empty” secondary query, 
and inactive vertices, otherwise. 

In this paper we consider the set-theoretic query language A proposed in [13] 
and further extended to web-like (in other terms, semi-structured) databases 
in [7]. We describe a new semantics for A taking into account the activity of 
web-documents. The essence of our set-theoretic approach to query languages 
for semi-structured databases which are represented by graphs consists in the 
following. 

Let G = ly, E) be a directed graph with a set V of vertices and a set E of 
edges. If f G y is a vertex, then the pair (G, f) is called a pointed graph. Then 
an arbitrary set s (consisting of sets of sets, etc.) defines such a pointed graph. 
Just let TC{s) be the transitive closure of s. Informally, all “intermediate” sets 
of s are constructed, starting with 0 and including the set s itself. Then the pair 

where ^ is an inverse membership relation on TC{s), is the pointed graph we 
need. In this way any set may be encoded by a pointed graph, and the above 
representation is called the canonical “picture” of the set s. 

On the other side, if G is a graph then each of its vertices v defines a set 
according to the corecursive definition 

[nf = {|wf |(u ^ r^) G if} . 

From the above definition one can see that if the graph has cycles, then some 
sets may contain themselves as elements in some level of nesting. Such kind of 
sets are known as hypersets or non-well-founded sets. 

Now, let t{x) be a set-theoretic term of n set variables {x = xi, . . . , x„). For 
example, t{x) can be a term of the A- language which will be described below. 
It denotes a set-theoretic operation of n arguments according to its natural 
semantics. As sets are represented (encoded) by pointed graphs, there should be 
corresponding transformer of graphs 

{G,vu...,Vn}^ {G',v') . 

Here the points v\, . . . ,Vn and v' correspond to the arguments x\, . . . ,Xn and 
to the resulting set t{x), respectively, and the set-theoretic values of Xi and 
t{x) coincide with and , respectively. We may also consider terms 

without free variables, but with constants corresponding to input graph vertices 
Vi, ...,v„. 

In general, the evaluation of a term t on a pointed graph < G, fi, ..., > may 

be considered as a process of appropriately extending this graph (G' extends G) 
by new vertices and related edges, which correspond to sets that are the results 
of the evaluation of the subterms of the term t, including t itself. 
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Such a representation of abstract objects by concrete objects, namely sets 
by graphs, which in addition are “understandable” by computers, proves to be 
efficient from the point of view of computational complexity: all operations, 
definable in the Z\-language, are computable in polynomial time in terms of 
graphs and vice versa (see [9]). 

In order to model the activity of web-documents we will regard graphs as 
triples G =< V,E,A >, where A : V ^{0,1} is an activity function. Here 
A{v) = 1 means that the vertex v is active. In this case a pointed graph < G,v > 
gives a value |u](| defined as 

We will call such kind of pairs protosets due to the work [10]. If p = (to, s) is a 
protoset, then to = 0 informally says that p is not “complete” as a set and may 
have more elements than those “explicitly” belonging to s. The intuition behind 
protosets as incompletely defined sets is given in more detail in the same paper. 
Note, that here protosets may be non- well-founded, unlike those in [10]. 

If we evaluate a term t over protosets, we are interested not only in the re- 
sulting protoset, but also in those elements that complete the given protoset. As 
the main contribution of the current work it turns out that we may always con- 
struct a Z\-term r defining the “uncomputed” part of the term t. More formally, 
the evaluation result of a term t on a pointed graph {G,vi, ...,Vn) with activity 
function A is a pair 

where {G',v') is an extension of the source graph (G, ui, ..., u„), i.e., G' = 
{V',E',A'), where V C V', E C E', A = A'\y, and r is the secondary ter- 

m. 

We assume that A'(v') = 1 holds in the resulting graph, if r defines or simply 
is equal to the empty set. The specific property of the lazy semantics, which will 
be defined later on, consists in that independent from the activity of the vertex 
v' , which represents the computed part of the term t, this part will include only 
active values, i.e., only those vertices u for which A'(u) = 1. Informally, in the 
context of the WWW this means that the hyperlinks collected in the computed 
part of the query may be clicked with a successful transition to the required 
pages. 

The paper is organized as follows. In Section 2 we present a syntactic vari- 
ant of the set-theoretic language A for querying web-like databases and provide 
illustrative examples of its use. In Section 3 we define the ordinary, “non-lazy” 
semantics of the Z\-language. Its specifics consists in the assumption that all 
vertices of the graph by which we model the web are active. In this case argu- 
ments and results of the queries are graphs with all vertices being active, and 
the secondary query will be absent. As protosets, all of them will have the same 
first component equal to 1. Therefore, they may be considered (after ’’stripping” 
their first components) as the ordinary sets. More formally, we define the ordi- 
nary semantics of the Z\-language in terms of elements of HFi, the universe of 
non-well-founded (hereditarily finite) sets. 
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In Section 4 we define the lazy semantics in terms of elements of HFP\ which 
is a new universe of non-well-founded hereditarily finite protosets. 

In Section 5 we introduce an approximation relation on HFPi in order to 
compare query answers with respect to their precision degrees. Here also the 
main Theorem is formulated which states that lazy semantics: 

(i) coincides with ordinary semantics under the activity of all data sources; 

(ii) guarantees, that only active sources hit to the computed part of the answer; 

(iii) supplies more and more precise answers under monotone extension of the 
set of active data sources; 

(iv) is correct. 

In this paper we do not consider the very intriguing and important questions 
of using the secondary queries stored as data in database in subsequent queries. 
This would require linguistic reflection [15,12], i.e., the introduction of a Lisp- 
like operation eval into query language, and the composition of query results, 
which in general may be incompletely computed. Some algorithms and results 
concerning related problems may be found in [3,6]. 

The Z\-language has been implemented both with ordinary and lazy seman- 
tics. 



2 A Query Language A for the WWW 

The possibility to use the set-theoretic language A as query language for web- 
like databases (in other terms, semi-structured databases [1]) was shown in [7]. 
The main idea is that sets whose elements are again sets, etc. may be naturally 
represented by vertices of a graph, and membership relations u G m by edges 
u V oi that graph. Generally, an element v of set u may have an attribute 
label I, what is denoted as I : v G u. This may be represented by a labelled edge 

i 

u ^ V. 

On the other hand, the WWW also has a graph structure. Here, the graph 
vertices represent the web-documents with unique URL-addresses of the form 
http://www.botik.ru/PSI/index.html 

while the graph edges are the hypertext links between web-documents. There 
are no restrictions for references. Thus, the presence of cycles in a hypertext 
structure is a typical situation. But the cycles in the membership relation such 
as u G vi G V 2 € ... G Vn G u (n > 0) are forbidden in the usual set theory by the 
Foundation axiom. If this axiom is replaced by the Anti-Foundation Axiom this 
problem disappears. In particular, the resulting non-standard set theory has the 
universe FlFi of non- well- founded hereditarily-finite sets among its models. 

In practice, a notion of “locality” is very important in the web-context. T- 
wo web-documents are local with respect to each other, if they are placed on 
the same web-server (more precisely, have the same hostname-component in 
their URL’s). Formalizing this notion of locality requires to introduce in the 
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set-theoretical language a basic binary predicate Local. This predicate is satis- 
fied for pairs of relatively local documents. This predicate is important for the 
problem of reducing the query search space, which will be demonstrated in some 
query examples below. 

2.1 Syntax 

The syntax of the Z\-language for WWW-querying is defined as follows: 
Z\-terms ::= c | a; | 0 | {?i : t \, ..., In ■ tn}\ U t\TC{t)\LTC{t)\ 

{I : x\l : X x)} \{l : t' (x) \ l : x G t} \ 

D{s,t)\fi:s.q.[q = qU {I : x\l : X € tSz(j){q, l,x)}, p] 

Z\-formulas ::= T\F\l = m\ s = t\ l:sGt\^(j)\(j)i&z(j)2\4>i V (f> 2 \ 
yi : X G 1 4>{l, x)\3l X Gt 4>{l, x) 

Here, c is a constant (URL-address), a; is a set variable and are 

A- terms, l,li,m are labels, i.e. words from a given language C. The operator 
Ut is the set-theoretical union of the family t of sets. TC{t) is the transitive 
closure of the set t. In WWW-terms this is a set of all web-documents reach- 
able from page t. LTC{t) is defined in the same way as TC{t), but references 

among web-documents may be only local. Formally, a reference u v is local 
iff Local{u,v) = true. 

{I : x\l : x G tk(p{l,x) } and {I : t'{x)\l : x G t} are the constructs of selec- 
tion (comprehension) and image, respectively. The construct fix for inflationary 
fixed points denotes the least solution of the equation 

q = qU {I : x\l : X G tSz4>{q,l,x)} , 

that is the result of stabilizing the sequence qo,<li,<l2, ... of sets, where qo = P 
and qi+i = qiU {I : x\l : x G tSz 4>{qi, I, x)}. 

The operation D{s,t) is a “pure” set-theoretic equivalent of the decoration 
operation (in other terms, Mostowski surjection) which is well-known in non- 
well-founded set theory [11]. The original decoration of a graph G = (V, E) is a 
function do on V, such that 

da{v) = {dG{u)\{v ^ u) G E} . 

For example, if G = ({ui, U 2 , fa}, {u ^ vi,v V 2 ,V 2 I's})? then dciv) = 

Let s be a some set the elements of which may be ordered pairs (u, v) of 
sets. Following Mostowski such pairs can be encoded as sets {u, {m, u}}. Then 
we define a function G on arbitrary sets s by 

G(s) = ({u| < u,v >G sV < u, M >G s}, {v ^ u\ < u,v >G s}). 

The operation D{s, t) of the Z\-language is theninterpreted as D{s, t) = dG{.s){t), 
where the argument t of the function c?g(s) is treated as a vertex of the graph 
G(s). In fact, we will apply the above decoration operation in the context of 
labelled sets or graphs, respectively. 
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2.2 Query Examples 

Example 2.1. We would want to know whether Java and Web are among the 
research interests on Mathematics department of Indiana University. Thus, we 
want to find on the web-site of this department all pages labelled by words 
“Java” or “Web”: 

{I -. x\l \ X G ETC {www.math.indiana.edu) & 

(; = ”Jaua” V Z = ”lUe6”)}. □ 



Example 2.2. To which web-sites references exist from the web-site of the above 
department? Concretely, we want to collect all references from a given web-site 
to external sites. With some syntactical abbreviations, which are expressible 
through basic constructs of the Z\-language, this query looks as: 

{I : x\l : X G y G ETC {www .math.indiana.edu) & 

~^{l : X G ETC {www. math. indiana.edu))}. □ 



Example 2.3. Find all pages on a given site (say, www. math. indiana.edu), from 
which the main (home) page of this site is reachable. The corresponding query 
(in some lightened syntax without labels) which uses the fix-construct is shown 
below: 

fixq.[q = qU {x|x G LTC(www. math. Indiana. edu) & 

( {www .math.indiana.edu G x) \J {3z G q. z G x) )} , %]. □ 



Example 2.4. The answers to all queries are always stored on the “local” com- 
puter, where the query system is executed. Then, we have the possibility to copy 
a complete remote web-site (more precisely, its hypertextual, topological struc- 
ture) to the local computer. First we represent this remote site as a set of edges 
(hyperlinks), and then we reconstruct its original structure by decoration : 

D{{1 : {x,y)\x,y G ETC{{root : www.math.indiana.edu})h 
{I : x G y)} , WWW. math. Indiana. edu). 

Note, that having a local copy of a remote site, we may now query this site 
locally. □ 

3 Vl^-Structures and Ordinary Semantics 

We begin with the definition of the ordinary, “non-lazy” semantics of the Z\- 
language. This semantics models the situation when all data sources in the web 
are active. 



3.1 W-Structures and Local Bisimulation 

As stated above we take into account in our web-model the notion “locality”, 
both when all sources are active and in more general case with some inactive 
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sources. Namely, we define the ordinary semantics on so called W-structures 
which are graphs with “localities”: 

W = (V, E, Local) , 

where F is a (finite) set of vertices denoting web-documents, if C £ x (V x V) is a 
finite set of edges labelled by words from a given language £ and Local CVxV 
is an equivalence relation. Any equivalence class with respect to Local denotes 
a set of web-documents placed on the same site. 

Notation. The triple (l,u,v) G E will be denoted as u u. 

According to this model two HTML-pages are assumed to be equal, if they are 
placed on the same web-server and contain equally labelled hyperlinks pointing 
to equal or identical pages. In particular, a page and its copy on “mirroring” site 
will not be equal. 

Formally, this understanding of page “equality” is realized by an extended 
definition of the well-known notion of bisimulation: 

Definition 3.1. A local bisimulation on the W-structure W = {V,E, Local) is 
a relation R CV^, such that for any u,v G V 
uRv ^ {Local{u,v)h 

V(u ^u')gE 3{v ^v')gE 
{{Local{u,u') u'Rv')Sz 
Local{u,u') u' = v'))Sz 
y{v ^v')gE 3{u ^u')gE 
{{Local{v,v') u'Rv')h 

Local{v,v') ^ u' = v')) □ 

Let I i? C is a local bisimulation on W}. 

3.2 Transformers of W-Structures 

In accordance with the idea exposed in the introduction, we define the ordinary, 
“non-lazy” semantics of the Z\-language through the (inflationary) transformer 
IT of terms and formulas on W-structures of the form 
IT :< W,t >^< W',v' >, 

IT :<W,(j3>^<W',b>, 

where t is a closed Z\-term, <j) a closed Z\-formula, and W' is an extension of the 
source structure W : 

W' =<VUVi,E', Local' > , 

such that y n V; = 0 , if C E', Local' = Local\J{< u,v > \u,v G Vi}, v' G yuV;, 
and b G {T,E}. Here Vi models the set of web-documents created by the term 
(query) t (or formula 4>) evaluation on the computer, where the query system is 
executed. 

Informally, this transformer treats the set-theoretic operations of the Z\- 
language (the explicit enumeration, the union, the transitive closure and oth- 
ers) in terms of modifications (namely, extensions) of the original IF-structure. 
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In addition, for the Z\-formulas the transformer indicates besides the extension 
rules (since formulas contains terms), how the truth values are computed. 

As an abbreviation for the sequential transformation of Z\-terms ti, . . . ,t„, 
starting with the structure W, where 

IT{<W,h >)=<WuVi >, 

IT{< >) =< Wi,v^ >, 2 <i <n, 

and Wi =< V LI Vi^, Ei, Locak >, 1 < z < n, we will use the generalized IT- 
transformer 

IT :< W,ti, >^< W',Vi, ...,Vn >, 
where W =< V U Vi,En,Localn >, and Vi = IjVj,. In particular, vi,...,Vn S 
VLVi. 

Notations. 

1. Let W =< V, E, Local > be some W-structure. Then, we suppose that in the 
Z\-language there exists a constant c for each vertex v G V, which denotes 
this vertex. 

2. If x) is a formula with free variables I and x, then t] is the result of 
substitution of m and t in each free occurence of I and x in the formula (f>, 
respectively. 

3. = denotes syntactical identity. 

4. In the sequel, structures W and Wi have form: W =< V UVi,E', Local' > 
and W\ =< V U Vi,Ei,Local\ >. 

3.3 Transformer IT: Fragments of the Definition 

In the following we present the characteristic clauses of the inductive definition 
of IT. In all cases, unless otherwise specified, it is assumed that 
IT{< W,s>) =< Wi,vi >, 

IT{< W,t>) =< W',v' >, 
and Vi = V\L {n'}, v' L Vi. 

Recall, that < W ,v' > is the extended resulting structure, where v' repre- 
sents the computed value of t. 

la.t = Cv. 

Here IT{< W, t >) =< W, v >. 

2a. t = U s. 

Here E' = E\L {v' ^ w\3l G £3u €VUVi(vi^u gEi&u-^w G Ei)}. 
This is the ordinary definition of the set-theoretic union in graph terms. 

3a. t = {/i : ti, ..., Iji : 

Let IT{< W,ti, >) =< Wi,v\, ...,Vn >, where wi,...,w„ G V LVi. Then 

E' = EiL {v' Ui|l <i< n}. 

4a.t = TC{s). 

Here E' = E\L {v' u| exists a path v\ ^ u\ ^ U2 ^ ... Un, n > 1, in W\ 
such that In = I and = u}. 

This is a habitual definition of the set-theoretic transitive closure again in graph 
terms. 
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5a. t = LTC{s). 

Here E' is defined as in 4a with additional condition for the path: VI < t < 
n, Local{vi,Ui)}. 

6a.t = {I : x\l : X G sk(f>{l,x)}. (Here l,x are bounded variables, where the 
values of I are the labels). 

Then E' = EiU {v' ^ u\ (ui ^ u) £ E\ k, IT{< Wi, Cu] >) = 

< W , T > for some W-structure W }. 

Here IT(< Wi,<f)[m, Cu] >) gives the truth value of (f)[m, Cu] on structure Wi. 
lb. (j) = T{E). 

Then IT{< W,(l) >) =<W,T (E) >. 

The transformer IT behaves on logical constants as identity map. 

2b. <j) = I = m. 

Then IT{< W, (f) >) =< W, b >, where 

^ _ f T, if I = m, 

\ E, otherwise 

3h.(j) = I : s € t. Let IT{< W, s, t >) =< W\,vi,V 2 >■ Then 
IT{<W,(j)>) = < ITi, 6 >, where 



b = 



T, if G V UVi{v2 v'l) G Ei&ivi ^Wi v[, 
E, in other case. 



Here we use a bisimulation relation to treat the equality predicate in the Z\- 
language. 

4b.(() = \/l : X G t'tp{l,x). Let IT {< W,t >) =< Wi,v\ >. Then IT{< 
W,(f) >) = < W\,h >, where 

r T, if V(ui ^u)gEi IT{< >) =< W",T > 

6 = < for some structure W depending on u, 
y F, in other case. 

Original graph transformers for Z\-language are described in [7,13]. 

Definition 3.2 (Semantics of terms). 

If t is closed Z\-term , and IT{< W,t >) =< TT',u' >, then a denotation of 
term t on the strncture W (denoted as or simply |t], if the structure 
W is known from the context) is a set defined corecursively as 

IvT' = {l--{ur'\{v' ^u)gE'} , 

the existence of which is guaranteed in the universe HFi. □ 



4 W) 4 -Structures and Lazy Semantics 

The web in which some data sources may be inactive is modelled by extended 
W-structures that are supplied by an activity function A : V {0, 1}. Such 
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extended structures will be called as WOi-structures, and they have the general 
form: 

Wa = (V,E,Local,A). 

Correspondingly, the lazy semantics of the Z\-language is defined through 

the transformer LC (lazy computation) of terms and formulas on Wa- 
structures: 

LC :<WA,t > , 

LC:< Wa,i^>^< > , 

where t,r are Z\-terms, (j),(t)' are Z\-formulas, VC 4 , =< V U Vi, E' , Local' , A' >, 
V f]Vi = , E C E' , Local' = Local U {< tt, u > |tt, u G V/} , A = A'\^ and 
v' G V VJVi- Note also that terms and formulas may contain free variables in this 
case. 

Informally, in the triple < > v' is the semantic part of the answer 

to the query t, namely the computed part of the term t, and r is the syntactic 
part of the answer to the query, i.e. the uncomputed, “lazy” part of the term t. 

As above, the sequential transformation of Z\-terms ti, . . . starting with 
structure Wa will be presented by generalized LC-transformer of the form 
LC :< WaAi, ■■■An >^< < vi,n >,...,< u„,r„ >>. 

Definition 4.1. 

An active local bisimulation on the MAi-structure Wa = (V,E,Local,A) is a 
relation R C , such that for any u,v G V 

uRv ^ {Local {u, v) SzA{u) = A{v) = 1 & 

V(u ~^u')gE 3{v ^v')gE 
{{Local{u,u') u'Rv')Sz 

{^ Local{u,u') u' = u') ) & 

V(u ^v')gE 3(m ~^u')gE 
{{Local{v,v') u'Rv')&z 

{^ Local{v,v') u' = v')) holds. □ 

Let LH-R I i? C is active local bisimulation on Wa}^ 

Definition 4.2. If Ai,A 2 : V — > {0,1} are activity functions, then define 
Ai E A 2 , iff Vu G C Ai{v) < A2 {v). □ 

Especially note that a very strong definition of bisimulation is a necessary condi- 
tion for the monotonicity of lazy semantics under the corresponding extension of 
set of the active data sources. In order to achieve in general the semantics to be 
monotonic, then whenever formula (j) has some truth value on the IpA-structure, 
then the same value must be preserved on any IEa' - structure, such that AC A' . 



4.1 Two Variants of Lazy Semantics 

In the following we present two variants of the lazy semantics for the A-language 
called rough and precise, respectively. The difference between them may be easily 
explained by an example. 
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Example 4-1- Let us consider the term Up, where 

p= (0,{(0,a;),(l,{(0,y),(l,z)})}) 

is a protoset. Then the pair (e,r) consisting of the protoset e = (0,0) and 
the secondary term r = Up will be a denotation of the term Up in the rough 
variant of semantics (see for example cases 4a, 5a, 6a, clause a) in the definition 
of transformer LC). In general, this means that if an inactive protoset, i.e., a 
protoset of form (0, s) for some set s, occurs in the denotation of some subterm 
of the term under consideration, then the elements of s will not be taken into 
account in the denotation of a basic term. 

In contrast, the pair (e', r') consisting of the inactive protoset e' = (0, {(I, z)}) 
and some secondary term r' will be a denotation of the same term in the pre- 
cise variant of the semantics. In other words, this variant takes into account 
the known elements of the incompletely defined protosets in order to give the 
maximally precise denotation of basic term. □ 

Though we are stopping in the middle of one’s course in the rough semantics, it 
nevertheless turns out to be useful enough for practical needs. 

We now give below the definition of the rough semantics, leaving the precise 
variant for forthcoming papers. 

4.2 Transformer LC: Fragments of the Definition 

When the set of terms h : U in the enumeration construct '■ tn} is 

given by a property (p{l,t), we will use the metanotation {|^ : instead. 

In all following clauses, unless stated differently, we assume that 
LC{< Wa, s >) =< ITai , vi,ri > and 
LC(< WA,t > = <W^,,v',r > , 

with 

ITai =< V U Vi, El, Locali, Ai >, 

=<VUVi,E',Local',A' >, 

Vi = ViU{v'},v' 44 V UVi, 

and 

^ f Til U {< v', 1 >}, if r 4> 0, 

\ U {< v', 0 >}, otherwise. 

Here x ^ y means “x can be rewritten to y” . For example, U { 0 , 0 } 0 ) . 

la.t = Cv. 

Then LC{< WA,t>) =< Wa,v,% >. 

2a.t = X. 

Then r = x, E' = E,A' = H U {< u', 0 >}, 

i.e., any free variable always is transformed to the secondary term with adding 
’’empty” vertex to resulting structure. 

3a. t = (^1 ; ti , In ■ tn} ■ 

Let LC{< WA,h, ..,tn >) =< VFai, 

< vi,Ti >, < Vn, Tn », where Vi &V UV\,1 <i <n. Then 




Partial Evaluations in a Set-Theoretic Query Language for the WWW 



271 



r = : til l<i<n k Ai{v^) = 0|}, 

E' = El LI {v' ^ Vi\l <i< nkAi{vi) = 1}. 

Here, the secondary term r enumerates all uncomputed terms-arguments. 

4a. t = Ls. 

a) : If Ai{v\) = 0, then r = Us and E' = Ei. 

b) : If Hi(ui) = I, then 

r = U{ Fst Level : ri, SndLevel : T 2 }, where 

EstLevel, SndLevel are any two new labels, and 

ri=U{|t:Cu |3t € £3u GVUVi(vi-^u GEi&Ai(u) = 0)|}, 

r2={|m:Cw \3lG£3uGVLVi{vi-^uGEik 

Ai{u) = Iku ^ w € Elk = 0) |}, and 

E' = EiL {v' ^ w\ 31 G £3u SVUVi(vi-^u SEi&Ai(u) = l& u-^w G 
El & Ai(w) = 1 ) }. 

In this case, term r describes all vertices unreachable from vi on pathes with 
length 2 (due to inactivity some vertices on these pathes). 

In the following, let 

R{l,u) ^ '' exists apath tti tt 2 — *■ Un in Wai, 

such that In = I kun = u” 

5a. t = TC{s). 

a) : If Ai{vi) = 0, then r = TC{s) and E' = Ei. 

b) : If Ai{vi) = I, then 

r = TC{{\1 : Cu|R(l,u) &VI < i < n-IA(ui) = l&A(un) = 0|}, E' = EiL{v' 4 
tt| R{1, u) kyi < i < nA{ui) = 1}. 

Here, the term t is constructed as in 4a with the exception that the pathes of 
arbitrary length are considered. 

6a. t = LTC{s). 

a) : If Ai{vi) = 0, then r = LTC{s) and E' = Ei. 

b) : If Ai{vi) = I, then 

r = U{ Vertices : ri, TheirLTC's : r 2 }, 

where again Vertices, TheirLTC's are any two new labels, and 
ri = {|Z : Cu| R(l,u) & VI < i < n - 1 Ai(ui) = l&Ai(un) = 0|}, r 2 = {|^ : 
LTC(cu) I R(l,u) & VI < i < n - 1 Ai(ui) = l&Ai(u„) = 0|}, E' = EiL {v' 4 
m| R{1, u) k yi < i < n Ai{ui) = 1}. 

In the definition of secondary term r we take into account the subtle property 
of operation LTC{t), that if the term t is complex, i.e., t ^ c, then the local 
transitive closure is computed ’’without looking inside” to the sets, denoted by 
constants in t (to be distinguished from ordinary TC - see definition of Local' 
for transformers IT or LC ). 

7a.t = fixq.[q = qU{l:x|l:xGt & ^(q, 1, x)}, p] 

Here, we will explain the ’’lazy” semantics of given construction only informally 
( the precise formulation is too cumbersome). 

The ordinary computation of the fix operation is performed by construction 
of the sequence of sets: 

90 =P, 
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qi+x = qiU {I : x\l : X & tk(f){qi,l,x)} 
until to the stabilization of this sequence. 

The lazy computation of fix is finished, if either 

(a) the sequence has been stabilized on, say, , and all elements of 

this sequence have been completely computed; in this case, < 0 > is the 

result of the lazy computation of t, 

or 

(b) if the next in turn qi has not been computed completely; in this 
case the result is 

< 0, t >, if i = 0, 
or 

< q^-i, r >, if t > 0, 

where r = fixq.[q = qU{l:x|l:xGt & 4>{q, l,x)}, qi_i ]. 

Add, that above qi is considered as completely computed, if all q' G qi are com- 
pletely computed also (this needed in order to the clause (ii) in Main Theorem 
would be true). 
lh.(j) = I : s G t. 

Let LC{< Wa,s, t >) =< Wai, < v\,ri >, < U 2 , »■ Then 

LC{< Wa,4> >) = < >, where 



'T, if Ai(ui) = 1& 

GV UVx{v2 u'l) G Elk vi ] 

j)' = ' F, if Ai{vi) = Ai{v 2) = lk 

gV \JVi{v2 v'l) G El kvi wvVai ] 
^ (j), in other cases . 



Definition 4.3 (Lazy semantics of terms). 

For a Z\-term t we have LC{< WaA >) =< bF^,,u',r >, where Wa =< 
V, E, Local, A >. Then, a (lazy) denotation of term t on the structure Wa, de- 
noted as or simply is a value , defined by corecursive identity 

= {A'{v'), {I : luj^A' |(u' 4 u) G E'}) . □ 

The above pairs generalize the notion of “protoset” [10] to the non-well-founded 
case. 

Definition 4.4. An active denotation of a term t on the structure Wa (denoted 
as or simply |t|4 is a set defined as 

= {I : |(u' 4 U) G E'kA'iu) = 1}. □ 

5 Main Theorem 

In order to state our main theorem, we have to define what it means that a 
(non-well-founded) protoset approximates another protoset, otherwise said, that 
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it is clarified by it. First of all, there is precise definition of the universe HFPi 
of non-well-founded hereditarily-finite protosets as the largest set x, such that 

X = {0, 1} X V<u,{x) , 

where, V<^ui{x) is the set of all finite subsets of x. HFPi is the generalization 
of the well known universe FlFi of non-well-founded hereditarily-finite sets. The 
existence of this universe can be proved by using the Anti-Foundation Axiom 
[ 2 ]. 

Notation. If a: G HFPi, then we write for the first component of x, and x^ 
for the second component. 

Moreover, we adopt the slight modification to work in the universe HFPf - the 
universe of protosets with elements labelled by words from the set C. 

Definition 5.1. An approximation relation on HFPf is any binary relation 
such that for any x,y G HFPf 

X y ^ [x^ = = I yi : x' G x^ 31 : y' G x' Rn y' & 

yi : y' G y^ 31 : x' G x^ x' Ac y' ] V 
[a;° = 0 & V? : x' G x^ 31 \ y' G y^ x' Ac y' ] holds. 

We say that x approximates y (or y clarifies x) and denote this as x Q y, iff 
there exists an approximation relation Ac, such that xRtzy. □ 

Again, our relation C is an extension of approximation preorder from [10] to 
non- well-founded case. 

Theorem 5.1. 

(i) Let t he a closed A-term, W =< V, E, Local >, and W\ =< V, E, Local, I >, 

where {1} is the constant function. Then 

m = mi, 

i.e., the ordinary and the lazy semantics coincide in case of absence of in- 
active sources. 

(ii) Let Wa =< V, E, Local, A > and for any A-term t (where t ^ c) let 

LC{< WA,t>) =< W(i,,v',r>, 
where IF 4 , =< V \JVi, E', Local' , A' >.Then 
v' GVi^ y{v' 4 m) G E'A'{u) = 1, 

i.e., in the computed part of the term (query) only active sources are present. 
(Hi) Let Ai and A 2 be activity functions with Ai Q A 2 . Then, for any A-term t 
we get 

E PFe 

i.e., under extending the set of active sources we obtain more and more 
precise answers. 

(iv) Let Wa =< V, E, Local, A > and LC{< Wa, t >) =< IF 4 ,, u', r > be as in 
(ii). Then we get 

{a) [tF E m*, 

(b)for any Ai, ( 0 , ( |r]^i ) C |t]^i 

( in particular, |r]; C \f\l), 

i.e., the lazy semantics is correct. □ 
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Abstract. Consider a matrix satisfying the following two properties. 
There are no two rows of the matrix having the same entries in two 
cyclically neighbouring columns. On the other hand for each subset of 
the columns not containing a cyclically neighbouring pair there are two 
rows having the same entries in these columns. 

In this paper the magnitude of the minimal number of the rows of such a 
matrix will be determined for given number of columns. Using the same 
method, the analogue question can be answered for some other Sperner- 
systems, too. The heart of the proof is a combinatorial lemma, which 
might be interesting in itself. 

Keywords, relational database, keys, antikeys, labelled directed tree, 
extremal problems 



1 Introduction 

A relational database system of the scheme r(oi, 02 , . . . , a„) can be considered 
as a matrix, where the columns correspond to the attributes a^’s (for example 
name, date of birth, place of birth, etc.), while the rows are the n-tuples of the 
relation r. That is, a row contains the data of a given individual. 

Let us denote the set of columns of a given m x n matrix M by 17. AT C 17 
is a key, if two rows, that agree in the columns of K, agree in any column. Keys 
play an important role in the theory of databases. A database can be considered 
as a matrix and if we know the connection between the columns of a key and 
the other columns, it is clearly sufficient to store the columns of the key. For 
a summary of combinatorial problems and results of database theory see for 
example [8]. 

A key is called a minimal key, if it does not include other keys. The system of 
minimal keys is clearly a non-empty Sperner-system (i.e. no member can include 
another member). On the other hand for any non-empty Sperner-system K, there 
is a matrix M in which the family of minimal keys is exactly K, [1,3,4]. In this 
case we say, that M represents JC. 

However it is not clear, what the minimum of m is, for which a matrix 
exists, which has m rows and represents /C. Denote this minimum by s(/C). The 
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problem was widely studied, if |17| = n and JC = consists of all subsets of 17 
of k elements [6, 5, 7, 2]. In many cases the exact value was determined. 

C 17 is an antikey if it is not a key. An antikey is called a maximal antikey, 
if other antikeys do not include it. If /C is the system of minimal keys, denote 
the system of maximal antikeys by IC~^. There is a strong connection between 
s(/C) and the magnitude of s(/C) is between and its square root. 

More precisely ([5]) 

and s(/C) < l+\IC~^\ (1.1) 

hold. Most of the results proved the sharpness of the lower bound until now. 

It is quite natural to ask s(/C) for other Sperner-systems. While nearly noth- 
ing is known about it, the best thing we can do is to start with a simple structure. 
Methods for simple Sperner-systems may give ideas for solving this problem for 
more difficult structures. Suppose, that the Sperner-system contains only sets 
of two elements, for example if the Sperner-system is the circle. This problem 
was rised by G.O.H. Katona. Let |17| = n, and C„ the circle on the columns, i.e. 
C„ = {{!,2}, {2,3}, ... , (n— 2,n— 1}, (n— l,n|, (n, 1}}. (n is associated with 
nth column of the matrix.) The aim of this paper is to determine the magnitude 
of s(C„). The result is somewhat surprising, because it is closer to the upper 
bound of (1.1). Examining the method of the proof, a more general theorem can 
be obtained for other Sperner-systems. 

Finishing the introduction, let us say a few more words about the motivation. 
Suppose, that little a priori information is known about the structure of a given 
database. If some theorem ensures the validity of certain inequalities among 
some parameters of databases and we have information on the actual values of 
a part of these parameters then some statement can be conluded for the other 
parameters of the given matrix. In our case, we have a theorem between the 
number of columns, system of minimal keys and the minimal number of rows. 
So if we know the number of the columns and the number of the rows is less 
than this minimum, then the system of minimal keys can not be this one. 

Finally, consider the following database scheme showing that neighbouring 
attribute-pairs can be the system of keys of minimal cardinality. Suppose that we 
have objects rotating uniformly (for example planets or stars in an astronomial 
database). For every object a fixed position of it is given. The attributes are the 
angle between the actual position and the fixed one at the integer points of time 
(with some unit). It is easy to see, that two neighbouring attributes determine 
all the data of an object (so the angular velocity modulo 27 t), while two other 
columns do not. Unfortunately, there are other types of minimal keys of greater 
cardinality. Instead of this system of minimal keys, we study the above simpler 
Sperner-system. 
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2 Summary of the Results 



Before stating the theorems, two constants must be defined. Let k be the unique 
real root of the polynomial P{x) = 23x^ — 23a;^ + 9x — 1, i.e. numerically 



1 






3 3^ V 

and let us introduce the notation 






, , 1 — K 1 — 3k, 1 — k 

Note, that k « 0.177008823 ... , and A « 0.405685231 .... 
Theorem 2.1 



A. For every 0 < e < ^ there exists an n* , such that for n > n* 






-1 



1 1 — £ 



<s(C„)< IC1 + 1- 



( 2 . 1 ) 



B. 



log2 s(Cn) 
n 



A. 



( 2 . 2 ) 



Exploiting our method, we were able to prove a more general theorem. 

Let Qn be a Sperner-system on the underlying set V, \V\ = n. Furthermore, a 

k 

partition y = Q y, \V^\ = Uij no+ni+ . . . +n/,=n, Vi = . . . ,Wn}}, 0< 

i < k oi V is given satisfying the following properties. For every 1 < i < k, 1 < 
j < rii—1 G Gn holds. On the other hand for every K G Gn 

different from the above sets G A n (F\Vo) j=l or j=ni holds for 
1 < z < A:, 1 < j < nz. Assume , that ni +oo, 1 < z < fc and zzq = o(zz) then 
the following holds. 



Theorem 2.2 



A. For every 0 < e < | there exists an n* , such that for n > n* 






(2.3) 



B. 



I0g2 S(gn) ^ ^ 
n 



(2.4) 



For the sake of better understanding Gn let us consider a few examples. 
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Example 2.3 Some (maybe only one) disjoint circles and paths, covering every 
vertex. All lengths tend to infinity. (Vertices are associated with the columns of 
a matrix.) 



Example 2.4 Assume, that a finite grid is given. Devide all edges between 
neighbouring grid points into n parts with n—1 points (n^oo). 



Example 2.5 Let Sn be an arbitrary Sperner-system on {1, 2, . . . , [ } not 
containing 0,{1},{2}. Add the path {1, TislTrl+l}, {[Elnl+l, +2}, • • ■ , 
{n— 2, n—1}, {n—1, n}, |n,2}. 

Although the first theorem is a special case of the second one, we will prove 
both of them. This is motivated by the several technical difficulties in the proof 
of the more general theorem, which could cover up the essence of the proof. 

3 Main Lemma 

A tree F is called a directed tree, if there is a direction of the edges, so that 
a vertex r (root) has only out-neighbours, and an arbitrary vertex vf^r has a 
uniquely determined in-neighbour n(v). N(v) denotes the out-neighbourhood of 
V. The set of the leaves of the tree is denoted by 1{F). Let 17 be a (finite) set. 
A tree F = F{U) is called labelled, if a subset A{v) of U is associated with each 
vertex v of F. 

Let U = {1,2, ..., m} (to > 2). Consider the family of directed labelled trees 
F = for which the vertices of each tree F G F are labelled as follows. 

The label of the root r of E is A{r) = U. For an arbitrary vertex n of E there 
is a disjoint partition N{v) = Nq{v) U Ni{v) of its out-neighbourhood and the 
following hold: 



A(u) C A{n{v)) (uyfr), (3.1) 

|A(u)|>2, (3.2) 

wi,W2 € Ni{v) A(wi) n A{w2) = 0 (f=0, 1), (3.3) 

wi G Ni{v), W2 G Ni-i{v) |A(wi) n A{w2)\ < 1 (f=0, 1). (3.4) 



Introduce the notation T(m) = max |1(E)|. As an example, consider the 
following labelled directed tree E of . 

Example 3.1 A(r) = (1, 2, 3, 4, 5, 6, 7, 8, 9}, N{r) = {vi,V2,vfi{, A{vi) = 
{1,2, 3, 4, 5}, A{v2) = {6,7}, ^( ua ) = {3,6,8}, N{vi) = {va,v^,vq,vj}, A{v4) = 
{1,2,3}, A(us) = {4,5}, A{ve) = {1,5}, A{v7) = {3,4}, N{v 4 ) = {u8,ug}, 
^(^'s) = {1,3}, A(u9) = {2,3}, 1 {F) = {v2,V3,V5,vq,V7,vs,vq}. It is an easy 
exercise, that F satisfies the properties (3.1)-(3.4). 
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Lemma 3.2 For every 0 < e < | there exists an M depending only on e, so 
that for every integer m> 2: 



T{m) < (3.5) 

4 Proof of the Main Lemma 

Before estimating T(m), an easy technical lemma is needed. 

Lemma 4.1 For arbitrary integers mi, m 2 , ■ ■ ■ ,mk > 2 the following hold: 

Tfmi) + T(to 2 ) + . . . + Tfmk) < T{mi + TO 2 + . . . + Wfc), (4.1) 
if mi < m 2 then T{mi) < T(m 2 ). (4.2) 

Proof. In order to prove (4.1) it is sufficient to see that T{mi) + T(to 2 ) < 
T(mi+TO 2 ). Let two directed labelled trees, Fi and F 2 be given with the disjoint 
labels Ui and U 2 at their roots respectively, \Ui\ = mi, |^(Jfi)| = Tfmi) (z=l,2). 
Suppose, that these trees have properties (3.1)-(3.4). Now consider the following 
directed labelled tree F. Its root has degree 2, and connected with the roots 
of Fi and F 2 , which are subtrees of F. The label of the root of F is Ui U U 2 , 
the other labels are unchanged. It is clear, that F has properties (3.1)-(3.4) and 
\l{F)\ = T{mi)+T{m 2 ). 

In order to prove (4.2) take a directed tree F satisfying properties (3.1)- 
(3.4) and suppose, that the label U is at its root, \U\ = mi, |?(F)| = T(mi). 
Then consider the following directed labelled tree F'. Let Ui be an arbitrary set, 
satisfying \Ui\ = m 2 —mi+l{> 2), \Ui n U\=l. The root of the tree F' has label 
[/ U [7i and degree 2, and connected with the root of F and a new point of label 
Ui- It is obvious, that F' has properties (3.1)-(3.4) and \1{F')\ = T(mi) -I- 1. ■ 

Proof (of Lemma 3.2). Let 0 < £ < 5 be a fixed positive number. We use 
induction on m. Let the integer c = c{e) be so large, that (1 — (|)^^^) < 1 — 

2 < . Note, that these two conditions imply i < (1 — ^)^^^. Moreover 

choose the integer M = M{e) so large, that > 2c^T(c^). 

The inequality T{m) < (™) obviously holds, which implies, that (3.5) is true 
for m < M. 

Let TO > M be an arbitrary integer. Suppose, that (3.5) is true, for every 
integer less than to. Consider a tree F G for which |^(i^)| is maximal. If 

r denotes the root, then let JV(r) = {vi,V 2 , ■ . ■ ,Vs, Ws+i, . . . , Vt} where iVo(r) = 
{vi,V 2 ,... ,Ws} and Ni{r) = {us+i, fs+ 2 , . ■ . ,vt} is the decomposition in the 
definition of F. Choose mi = |4(tij)| and let Tj be the subtree, defined by Vi as 
a root (1 < z < t). Observe, that \1{F)\ can be maximal only if T{mi) = \l{Fi)\ 
for every 1 < z < t. So it is sufficient to prove, using the short notation T'(m) = 
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the inequality 

t 

^ r'(TOi) < (4.3) 

i=l 

Now let us decompose the set of indices 1 < i <t into 4 parts: 

P = {i| rui < c^}, 

Q = {i\ <m^< ^}, 

R= {i\ T < ^ 

S = {i\ m(l - < mj. 

By the definition of c and M these sets are disjoint. Note, that the first 
condition on c implies 

5 c {i| < i}. (4.4) 

Case 1: S yf 0. Let j G S. By the symmetry of the definition of F we may 

S 

assume, that 1 < j < s. (3.3) obviously implies ^ rrii < m—rrij and (3.2)-(3.4) 

i=l 

t 

imply ^ rrii < m—rrij + (t—s) < 2{m—mj). These inequalities and (4.1) 

z—s+l 

lead to 

i t 



''^yT'{rrii) = T'{rrij) + ^^T'(mi) < T'{rrij) + T'{m—mj) + T'(2m—2mj). 

i=l i=l 





(4.5) 


Using the induction hypothesis we obtain 




T'{rrij) < — (m— my)m®, 


(4.6) 


T'{m—mj) < (to— TO j)^"'’®, 


(4.7) 


T'{2m—2mj) < {2m—2mjy^^. 


(4.8) 


Observe, that 




(2to— 2TOy)^~''^ = 2^^^ ■ (to— TO j)^'*’® < 3 • (to— TO y)^'*’®. 


(4.9) 


By (4.9) we have 




(to— TO j)^'*’® + (2 to— 2toj)^''’® < 4 • = {m—mj)m^(y ■ 


(=)')■ 




(4.10) 
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By (4.4) the last factor of the right hand side in the big parantheses can be 
upperestimated by 1. Now comparing this, (4.5)-(4.8) and (4.10) we get inequal- 
ity (4.3). 

Case 2'. S = R = %. Then the summation from 1 to t acts on P U Q. By the 
induction hypothesis we have 

t 

y]T'(TOi)< ^ ^ m,{^yrrf. (4.11) 

i=l iePUQ iePUQ 

By the definition of Q and the second condition on c we get | for 

1 < i < t, on the other hand (3.3) obviously implies 

t S t 

X) rrii <m + m = 2m. These two inequalities and (4.11) 

2=1 2=1 2 =S +1 

prove (4.3). 

Case 3\ S = ^ Then ^ T'{mi) = Yl, + Y T'{mi) + Y T'{mi) 

i=l ieP ieQ ieR 

holds. By the induction hypothesis and the definition of R we have 

'^T'{mi) < < iy^2mi(l - \)m^ = 

ieR ieR ieR 

= + (4.12) 

ieR ieR 

By the definition of R and the condition i? yf 0 

ieR 

can be obtained. The choice of M, (4.2), and |P| < m ensures 

2c^ W T'{mi) < ^ ^ (4-14) 

ieP 

So, by (4. 13)- (4. 14) the last term of (4.12) can be lowerestimated in absolute 

value by Y T'(mi). The summation on Q can be made as in Case 2\ 
ieP 



y^T'(TOi) < i y^TOiTO^. (4.15) 

ieQ ieQ ieQ 

Prove the inequality 

y] TOi + y] (wi -I- {mi - ^)) < 2m. 
ieQ ieR 



(4.16) 
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Consider an i G i?. It may be assumed without loss of generality, that 1 < 
i < s. By (3.3), the set A(vi) can have a non-empty intersection only with 2l(tij)s 
satisfying s-|-l < j <t. These sets are disjoint. Here mj > holds for j G QLlR, 
hence the number of sets A(vj),j G QUR, having a non-empty intersection with 
A{vi) is at most The choice i £ R implies |^(fi)| > So by (3.4) at most 
one cth of the elements of A{vi) can be an element of some A{vj), j £ Q U R. 
In other words at least rrii — ^ element is not covered by some A{vj) belonging 
to s-l-1 < j < t, j £ QLI R. Hence we have 

t S S t 

^ (m* - < m and ^ mi+ ^ (m* - < m, 

2=S+1 i — 1 i—1 

iGQUR iGR i^QuR i^R 



proving (4.16). 

By (4.12)-(4.16) inequality (4.3) is valid in this case, too. I 



5 Proof of the Theorems 

Lemma 5.1 A. C~^ = {{oi, 02 , . . . , o/}| 2 < aj—Uj-i < 3, 2 < ai—ai+n < 3}. 
B. IfC* = {A£ C“^|1 G A}, then 

/ n—t \ 

ia=E(ij’ (5-1) 

t=n{2) 



C. s{Cn) — ^ “hOO. 

Proof (Part A). 

Consider an arbitrary subset A of C the above form, it is clearly a maximal 
antikey. Conversely, if K is an antikey, then it can not contain a key, i.e. a 
neighbouring pair. On the other hand, a set, that skips at least 3 neighbouring 
element of Q can not be a maximal antikey, because we can add an element to 
this set, the neighbours of which are not in the set. 

Proof (Part B). 

An arbitrary element {1, oi, . . . , o/} of C* uniquely determines 
a partition of the set f2 into intervals of size two and three: {!,... ,ai — 1}, 
{ai, . . . , 02 — 1}, . . . , {oi, . . . ,n}. Conversely, if such a partition into intervals of 
size two and three is given, then the set of the left endpoints of the intervals 
determine an element of C*. The right hand side of (5.1) is the number of such 
partitions (if the number of intervals of size three is t, then the number of the 
intervals is ^^). 

Proof (Part C). 

It follows easily from (1.1), part A and part B since n -l-oo. I 
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Lemma 5.2 Suppose, that the matrix M zs o minimum representation of the 
Sperner-system 1C, then the following hold: 

(i) for every A G IC~^ there exist two rows, that are equal in A. 

(ii) there are no two rows, that are equal in a (minimal) key K G 1C. 

Proof. Obvious. I 

Note, that this statement can be reversed in a certain sense, see [5]. 

Proof (of Theorem 2.1 Part A). Our task is to determine the “density” of the 
pairs of rows, which are associated with the elements of C~^ by (i). Of course, 
these pairs are different, otherwise there would be two rows, that are equal in 
the union of two maximal antikeys, which is a key, hence contains neighbouring 
elements, contradicting (ii). Let M = [aij\s(c„)ycn be a matrix, that represents 
C 

Notice, that at least one from every three antikeys passes through 1, i.e. 

< |C:| < |C-i|. (5.2) 

Let U = {!,... , s(C„)} be the set of indices of the rows. The equalities of 
the entries in a given column j determine a partition of U or more generally of 
its arbitrary subset W. Let us denote the elements of cardinality at least 2 of 
this partition by Formally let VF C [/ and j be a positive integer. Let us 
introduce the notation 

{ACW \ \A\> 2; zi,Z2 G A => 

ii G A,i 2 G W\A if 1 < J < n— 1, 

0 if J > n. 

We will build (i.e. define recursively) a labelled directed tree F. Let the label 
of the root r of F be A{r) = U. If = {Ui,U 2 , ■ . .Ut} for some t, then let 
N{r) = {vi,V 2 , ■ . ■ vt} and its labels A{vi) = Ui, 1 < i <t. Suppose, that we have 
already defined a vertex v of the tree, and its label ^(u). Furthermore assume, 
that A{v) G for some W CU and 1 < j < rz— 1. If = {A\,A 2 , . . . , 

and = {As+i,As+ 2 , ■■■ , At}, then let N{v) = {vi,V 2 ,... ,vt} and A{vk) = 
Ak (1 < fc < t). 

The leaves of the tree F will be those vertices, for which t = 0. Observe, that 
\Ak n ^/| < 1 (1 < A: < s, 1 < ^ < t), otherwise there would be two rows, which 
are equal in the columns of the key {j+2,j+3} contradicting (ii). We can see, 
that F G 

Consider a set of at least two elements containing the indices of the rows, 
that agree in an arbitrary element of C*. Such a set exists by (i) and it is a subset 
(equal in fact in this simpler case) of some A{v), v G 1{F) by Lemma 5.1. A and 
the definition of the tree F. On the other hand two different elements of C* can 
not be associated with the same element of 1{F), otherwise by the definition of F 
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there would be at least two rows, that agree in a neighbouring pair of columns, 
contradicting (ii). So we obtained the inequality 

\1{F)\ > \C*J. (5.3) 



By Lemma 3.2 we obtain 

\1{F)\ < T(s(C„)) < M2 s(C„)'+^ (5.4) 



The first part of the theorem follows from (5.2)-(5.4) and Lemma 5.I.C. 



Proof (of Part B). 

It is sufficient to calculate the magnitude of the largest term on the right 
hand side of (5.1). This will give a lower estimate, and times this gives an 
upper estimate. 

Let us consider the quotient of two consecutive terms of the sum and examine 
when will it be 1. After simplifications it becomes 

(V-i + 3)(V-^ + 2)(V-^+l) 

(V + iM^-1) 

Introducing the notation x = and rearranging it we obtain 

23x3 - (23 + f )x" + (9 + f + ^)x - (1 + ^ + i| + i|) = 0. (5.5) 



Consider the polynomial P„(x) on the left hand side of (5.5) as the nth 
member of a sequence of functions. The polynomials Pn{x) have no root for 
|x| > 100. On the other hand this sequence uniformly tends to P{x) in the 
finite interval [—100, 100]. From this it follows after a short consideration, that 
(5.5) has a unique real solution if n is sufficiently large and ^ n, i.e. 
Kn = H + o(l). 

From this argument it also follows, that if n is large enough the terms in 
(5.1) are increasing until reaches and decreasing after that. If the index of 
the maximum term is t* , then |K„n — 1*| < 2 holds, so t* = {k + o{\))n. Use this 
in (5.1) 



( V + o(l))?^\ <- ^ ^ + 6 A + o(l))’^\ 

(K + o(l))n y - ' - 6 \{K + o{l))n)' 



(5.6) 



Using the Stirling formula 

„! = I + o(l)) 



we obtain 




= 2 



,n{d\og2 2 + {c-d) log^ ^ + o(l)) 



(1 > c > d > 0). 
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Using this in (5.6) it is easy to see, that 

2n(Klog2 i^+i^log2 j^+o(l)) < |c*| < 

^ ^n{nlog, i^ + i^log2 

Part B of the theorem follows from this inequality, (5.2), and part A. I 
Proof (of Theorem 2.2 Part A). 

We will follow the proof of Theorem 2.1 and see what is different in this 
general case. 

First of all, we need to select a big part Qf of Gn^, which will play the role 
of C*. Note, that every maximal antikey necessarily contains at least one of the 
first three elements of U, 1 < i < k. The same can be said about the last three 

k 

elements. So let Wn = VoU (J W 2 *\ if n is so large, 

i=l 

that rii > 9 holds for every 1 < z < fc. There are at least | I maximal 

antikeys having the same intersection with Wn- Let Gn denote these antikeys. 
We obtained 



< \G*u\ < ( 5 . 7 ) 

By the same argument as in the proof of Lemma 5.1. A, it can be seen that 
if A n U = } then 2 < jr+i—jr <3, 1 < r < I— I for every 

1 < z < fc. This statement can be reversed. For every 1 < z < fc there are 2 
indices. In € {2,3,4} and l 2 i G {rzi— 3, zzj— 2, zzj— 1}, so that the following holds. 
Consider an arbitrary subset A of 17 satisfying zcj *^^ , G An Vi and having 
the above fixed intersection with Wn- Furthermore, suppose, that if A n U = 
. . . ,Wji} then 2 < jr+i—jr <3, 1 < r < I— I for every 1 < z < fc 
holds. Then A G Gn- (If G A or G A, then let = 2 or 3 respectively. 

If G A and ^ A, then G A must hold, so let lu = 4.) 

In the next step, we define a labelled directed tree F. This tree will be built 
similarly as in the simpler case. There are two differences. We will not use all of 
the vertices and we have to tell how to connect the different Us. Unfortunately, 
we must use somewhat more difficult notations. 

For the sake of convenience let us introduce the notation U = hi — hi + 
1) 1 < z < fc. We can assume (by changing the order of the columns), that 

/ .N. Z 1 

w)(h hi < h< hi is associated with the ((X) h) + h — hi + l)-th column of M. 

r—1 

Let U = {1, . . . , s(tz„)| be the set of indices of the rows. For fixed z and h 

i— 1 

denote the number ji^h = h + 'Yf h shortly by j. If T C {7 and I < z < fc then 
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let us introduce the following notation for every positive integer h: 



W 



{A C W \ \A\ > 2; ii,Z2 G A^ 

h & A,i2^ T\A ^ if 1 < /i < tj, ti-l, 

0 otherwise. 



Let the label of the root r of F be A{r) = U. If = {U\, U 2 , ■ ■ ■ Ut} for 
some t, then let N{r) = {vi,V 2 , ■ ■ - Vt} and its labels A{vi) = Ui, 1 < i < t. 
Suppose, that we have already defined a vertex v of the tree, and its label 
zl(n). Furthermore assume, that A{v) G for some W C U and I < h < 
ti, h yf ti—1. There are two cases. In the first case suppose, that /i yf F or 
z = fc. If = {Ai,A 2 , and ^1^+2, • ■ • , At}, then let 

N{v) = {vi,V 2 , . . . , Vt} and A{vr) = Ar (1 < r < t). Observe, that \Ar n ^/| < 
1 (l<r<s, l<?<t), otherwise there would be two rows, that are equal in 
the columns of the key {j+2,j+3} contradicting (ii). Suppose, that h = ti and 
1 < z < k-l. If = {Ai,A 2 , ... , At}, then let N{v) = {ui,z; 2 , • • • ,vt} and 

A{vr) = Ar (1 < r < t). The leaves of the tree F will be those vertices, for 
which t = 0. We can see, that F G _ 

The same argument as in the proof of Theorem 2.1 shows, that 

\1{F)\ > \Gu\- (5.8) 



By Lemma 3.2 we obtain 

\1{F)\ < T(s(0„)) < (5.9) 

We need a last little observation. s{Qn) is not just tends to infinity, but it 
grows exponentially (for example, it follows from (5.1) and (5.10)). So = 
2 o(n) ^ s{QnY if n is large enough. The theorem follows from (5.7)-(5.9). 

Proof (of Part B). By the statement on in Part A we obtain 

\G*n\ = l[K-i\- (5.10) 

2=1 



k 

By the definitions of VF„ and ti it is obvious, that n— \ Wn \ — k < ^{ti — 1) < 

i—1 

n — \ Wn \ + 3fc. So by the concluding exponential expression of \C*\ in the proof 
of Theorem 2.1.B and (5.10) we obtain 



2(n-|lV„|-fe)(A+o(l)) < 1^*1 < 2A-\Wr\+^A(>'+0p)) 



(5.11) 



” ^ ^ n |u^|+3fc ^ (5.7), (5.11), and part A of the theorem proves 

part B. ■ 
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Abstract. ^ ^ We define four different properties of relational databases 
which are related to the notion of homogeneity in classical Model Theory. 
The main question for their definition is, for any given database, which 
is the minimum integer k, such that whenever two fc-tuples satisfy the 
same properties which are expressible in First Order Logic with up to 
k variables (FO^), then there is an automorphism which maps each 
of these fc-tuples onto each other? We study these four properties as a 
means to increase the computational power of sub-classes of Reflective 
Relational Machines (RRM) of bounded variable complexity. For this 
sake we give first a semantic characterization of the sub-classes of total 
RRM with variable complexity k, for every natural k, with the classes 
of queries which we denote as QCQ^ . We prove that these classes form 
a strict hierarchy in a strict sub-class of total{CQ). And it follows that 
it is orthogonal with the usual classification of computable queries in 
Time and Space complexity classes. We prove that the computability 
power of RRM^ machines is much bigger when working with classes of 
databases which are homogeneous, for three of the properties which we 
define. As to the fourth one, we prove that the computability power of 
RRM with sub-linear variable complexity also increases when working 
on databases which satisfy that property. The strongest notion, pairwise 
fc-homogeneity, allows RRM^ machines to achieve completeness. 



1 Introduction 

The RRM {Reflective Relational Machine of [1]), is a suitable model for com- 
puting queries in the class CQ of computable queries ([6]), on classes of finite and 
relational structures, or relational databases {dh from now on). It is an extension 
of the RM {Relational Machine of [2]). Recall that a RM is a Turing Machine 
with the addition of a relational store {rs from now on), where a countable set of 
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relations of bounded arity can be stored. The interaction with the rs is done only 
through FO (First Order Logic) formulae in the finite control of the machine, 
and the input db as well as the output relation are in rs. Each of these FO 
formulae, is evaluated in rs according to the transition function of the machine 
and the resulting relation can be assigned to some relation symbol or index of 
the appropiate arity in the rs. Note that this kind of interaction with the db 
and auxiliary relations is what enforces the preservation of isomorphisms in this 
model of computation, as opposite to Turing Machines. The arity of a given 
relational machine is the maximum number of variables of any formula in its 
finite control. We will regard the schema of a db as a relational signature, that 
is, a finite set of relation symbols with associated arities. And we will consider 
a db instance, or db, as a finite structure of a relational signature. In the RRM 
model the FO queries are generated during the computation of the machine, 
and they are called dynamic queries. Each of these queries is written in a query 
tape and it is evaluated by the machine in one step when a distinguished query 
state is reached. Another important difference w.r.t. RM is that in RRM the 
relations in the rs can be of arbitrary arity. In [2] it was proved that the RM 
model is incomplete, that is, it cannot compute the whole class CQ on a given 
signature or db schema. As to the RRM model, in [1] it was proved that it is also 
incomplete if we restrict the number of different variables which can be used in 
any FO query generated during a computation, to be less than the size of (the 
domain of) the input db (that is, if we restrict what is known as the variable 
complexity of the model in that way). 

A natural question arises from the incompleteness of these models of com- 
putation of queries: which properties, if any, of the input db can increase the 
class of queries which these classes of incomplete machines can compute, when 
working with db’s which satisfy any of those properties? 

In the study of the expressibility, or query computability, of different logics 
below second order, the presence of a total order relation in the structures (or 
db’s) was shown to be quite relevant ([11], [10]). In [2] it was proved that the 
class RM is complete when the input db is ordered. This means that for every 
computable query q there is a machine in the class which computes a query q' 
such that for every ordered db I of the corresponding schema, it is q'{I) = q{I), 
and this is not necessary the case if the input db is not ordered. In [9] and [14] 
hounded rigidity in classes of finite and relational structures, or db’s, was stud- 
ied as a property which allows (incomplete) RM to achieve completeness. In the 
second work, unbounded rigidity was also studied with the same purpose, con- 
sidering (incomplete) reflective relational machines whose variable complexity is 
bounded by a sub-linear function (to be explained later in this Section). Finally, 
in [15] bounded and unbounded partial rigidity were studied also as a means to 
increase the computability power of (incomplete) RM and RRM whose vari- 
able complexity is bounded by a sub- linear function, respectively. Recall that a 
database is rigid if it has only one automorphism, which is the identity. Let’s 
denote as FO^ the sub-logic of FO where formulae are restricted to use up to 
k different variables. A class of rigid databases is said to be of bounded rigidity, 
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if there is an integer k such that every element in every database in the class is 
definable in (up to automorphism), and the class is said to be of unbounded 
rigidity, otherwise. Finally, a database is partially rigid if it has a non empty 
subset of definable elements. 

That is, there is a main point leading to a research program, which is finding 
properties of db’s which are “good properties”, in the sense that a query lan- 
guage, or any kind of suitable formalism for this matter, which is incomplete, can 
benefit from these properties and increase its computation power when working 
on db’s which satisfy them. 

Up to now, order, rigidity, either bounded or unbounded, and partial rigidity, 
also either bounded or unbounded, are properties of databases which have been 
shown to be quite relevant as to computability power. The results presented here 
show that different notions related to homogeneity are also quite relevant in the 
same way. 

In this paper, following the same research program, we study different notions 
which are related to the notion of homogeneity of classical Model Theory (see 
[8] among others). We define four different notions, which will be informally 
explained later in this Section, and we study them as properties of classes of 
structures, or db’s, which allow incomplete RRM to increase their computability 
power when working on this kind of classes. We only consider total machines here, 
that is, machines which compute total queries. Three of our notions are similar to 
some properties independently defined in [13], where they are studied in relation 
to the expressibility of fixed point logics. 

The main question for the definition of our properties is, for a given db 
which is the minimum integer k, such that whenever two fc-tuples have the same 
type (see below) then there is an automorphism which maps each of these 
/c-tuples onto each other? 

In order to study the increment in computation power of the RRM when 
working on db’s which satisfy any of our properties, we give first (in Section 
2) a semantic characterization for the sub-class of total queries which are com- 
puted by RRM^ (i.e., RRM with variable complexity k), for every natural k. 
Similarly, RRM^'^^'> will denote the class of RRM with variable complexity 
0(1). The restriction to total machines will be denoted as total{RRM^) and 
total(RRM^^^l), respectively. Consequently, we will denote the sub-class of to- 
tal computable queries as total {C Q) . We do this characterization by defining, for 
every A: > 1, the class QCQ^ C total (CQ), as the total queries which preserve 
FO^ types realization. Roughly, for every 1 < ^ < fc, an FO^ type for Utuples 
is a property of Utuples which is expressible in FO^ by a set of formulae with I 
free variables. And we say that a db / realizes an FO^ type for Utuples if there 
is an Utuple in I which satisfies the property expressed by that type. Then, by 
preservation of FO^ types realization, we mean that for every pair of db’s of the 
corresponding schema, and for every property of /c-tuples which is expressible 
in FO^ , if either both db’s have no /c-tuple which satisfy that property, or both 
db’s have a non empty subset of /c-tuples which satisfy it {without minding the 
cardinalities of the corresponding subsets), then the relations defined in each db 
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by the query also agree in the same sense, considering the schema of the db’s. 
So that, for every natural fc, the class QCQ^ is the sub-class of the computable 
queries which cannot distinguish differences between two non isomorphic db’s, 
which need more than k variables to be expressed in FO. It is well known that t- 
wo db’s realize the same types iff they have the same FO*’ theory (i.e., both 
databases satisfy the same set of FO*’ sentences). So that the class QCQ^ may 
also be regarded as the sub-class of computable queries which, when evaluated 
on db’s that satisfy the same properties expressible in FO*, the corresponding 
resulting relations in the two db’s also satisfy the same properties expressible in 
FO* (considering the schema of the databases as signature for the sentences). 
The way in which we define the classes QCQ* is to some extent implicit in [2] 
and [5]. 

We show that, for every A: > 0, QCQ* = total{RRM^), and we show also 
that these classes form a strict hierarchy inside total{CQ). We denote the whole 
hierarchy as QCQ^, and this class gives us the semantic characterization for 
total{RRM^^^'>). 

The properties of preservation of the realization of types in FO with dif- 
ferent bounds in the number of variables, for queries, are quite natural, since 
in the definition of computable query ([6]) the very property of preservation of 
isomorphisms is crucial. And, as it is well known, on finite structures isomor- 
phism is equivalent to the realization of the same FO types. That is, two finite 
structures (or db’s) of the same relational signature (or schema) are isomorphic 
iff for every FO formula with one free variable either there is no element in the 
two structures which satisfy that formula, or they both have the same number 
of elements which satisfy it. Note that in defining isomorphism of structures we 
have considered not only the automorphism type of a given tuple, but also the 
number of tuples which realize that type in the structure. Actually, if we use 
FO types, the number of tuples which satisfy a given property can also be ex- 
pressed in the formula which expresses that property, so that two structures are 
isomorphic iff they both realize the same FO types (as an example, think of a 
formula with one free variable which says “a; is an isolated node and there are 
7 such nodes” , in the schema of graphs) . As to FO* types, we cannot express 
cardinalities of sets of tuples in FO* beyond a constant. So that even for db’s 
where FO* types are automorphism types, equivalence in the FO* types which 
are realized in two given db’s is far from being equivalent to isomorphism. 

Then, when we define different restrictions in the types, as to the number of 
variables which may be used for their definition, what we are actually doing is 
defining different levels as to the amount of information on the db which every 
query really needs for it to be evaluated on that db. Or how carefully needs a db 
be analyzed for the query to be evaluated on that db. 

An interesting characteristic of the hierarchy of the classes QCQ*, for fc > 1, 
is the fact that it is orthogonal with the usual classification of the computable 
queries in complexity classes. That is, in every level in the hierarchy there are 
queries of any complexity class in the usual classification defined by Turing 
Machine complexity. 
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We believe that the definition of the classes QCQ^ and QCQ^ (see also the 
definition of the class QCQ later in this Section) is interesting in its own right 
and independently of the use we make of them here, since no semantic charac- 
terization of is known at present, as to the author’s knowledge. They 

can help in a better understanding of the computability power of the RRM and, 
particularly, of the signification of different bounds in their variable complexity. 
To this regard we are building on the seminal work of S. Abiteboul, C. Papadim- 
itriou, M. Vardi and V. Vianu ([2], [4], [5], [3] and [1]). Besides, as the QCQ'^ 
hierarchy is orthogonal with the usual Time and Space complexity hierarchy, it 
can be used to define (and study) finer and more precise classes of queries, for 
instance by intersecting layers in both hierarchies. As to the RM, as it is known 
that the whole class of these machines is equivalent, as to computational power, 
to the sub-class RRM^^^^ (see [3]), then it turns out that QCQ^ = total(RM). 
So that we get also a semantic characterization for this model. On the other 
hand, it is not known, for every natural k, which sub-class of RM is equivalent 
to the sub-class RRM^. Though it is clear that RRM^ includes the sub-class 
of RM of arity fc, and hence QCQ^ includes the sub-class of RM of arity k, it 
is not known whether the inclusion is strict, though it is strongly believed to be 
the case. 

As there are many classes of db’s for which no bound in the number of 
variables is enough to define the automorphism types for tuples for every db in 
the class, we also define a sub-class of the total queries which we denote as QCQ. 
Queries in this class are defined in such a way that they preserve realization of 
types built with the number of variables which is actually needed for each db 
to define the automorphism types for its tuples. This class strictly includes the 
hierarchy QCQ‘^. On the other hand, there are computable queries which are 
not in QC Q, because queries in this class cannot count the number of different 
tuples of the same automorphism type, beyond a fixed bound. So that we have 
the following picture inside total (CQ), where C denotes proper inclusion: 

QCQ^ C ... C QCQ'^ C ... C QCQ“ c QCQ c total{CQ). 

In Section 3, we define our four notions related to homogeneity. The first three 
notions which we define are k-homogeneity, strong k -homogeneity and pairwise 
k-homogeneity. Roughly, a db is k-homogeneous if k variables suffice to define 
the automorphism types for their fc-tuples. We prove that, for every natural 
k, machines in total{RRM^) working on such classes of db’s augment their 
computability power to such an extent that, in a sense which will be clarified 
later (Corollary 3.1), they go through the whole hierarchy and they fall 

somewhere between QCQ^ and QCQ. A db is strongly k-homogeneous if it is 
r-homogeneous for every r > k. Here we show that, roughly, for every r > fc > 1, 
the class of queries computable by total{RRM'~) working on such classes of db’s 
strictly includes the class of queries computable by the same machines on classes 
of db’s which are fc-homogeneous but which are not strongly fc-homogeneous. 
And as to the third notion, we say that a class of db’s is pairwise k-homogeneous 
if for every pair of db’s in the class, and for every pair of fc-tuples a and b taken 
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respectively from the two db’s, if both ^-tuples have the same FO'^ type, then 
the two db’s are isomorphic and there is an isomorphism mapping one tuple 
onto the other. We show that, for every k, machines in RRM^ working on such 
classes achieve completeness, provided the classes are recursive and closed under 
isomorphisms. 

We then consider RRM whose variable complexity is bounded by a sub- 
linear function. For our purpose, it is enough to define a sub-linear function as 
a function over the naturals such that for every n € w it is /(n) < n. We will 
denote as RRM^'^'^'> an RRM whose variable complexity is /(n), that is, the 
number of variables which may be used in the dynamic queries is bounded by 
/(n), where n is the size of the domain of the input db. For this case we define 
our fourth notion of homogeneity, in which the number of variables which we 
may use for the types for fc-tuples is given by a function on the size of the db. 
We denote this notion as (/(n), k) -homogeneity . And we prove that, roughly, for 
every sub-linear function / defined over the naturals, the class of queries which 
can be computed by RRM^^'^'> machines (which are known to be incomplete, [1]) 
on classes of db’s which are {f{n), /c)-homogeneous strictly includes the class of 
queries which can be computed by machines on classes of arbitrary 

db’s. 

So, we conclude to this regard that our different notions related to homo- 
geneity in classes of db’s are all relevant regarding computability power. 

Finally, we make some considerations regarding a connection of our research 
with an aspect of db practice, namely, a real world query language (SQL2). 
Roughly speaking, for every natural k, the sub-class of RM of arity k can be 
considered as being equivalent, as to computation power, to the sub-class of 
SQL2 expressions which are restricted to reference at most k different attribute 
names. In [3] the equivalence in computation power between the class of RM 
and the class RRM^^^^ was proved, but the arity of each RM is not preserved 
by that extension. That is, it is not automatically translated into a constant 
bound for the variable complexity of the corresponding RRM . So that, for any 
given RRM^ machine there exists a RM of arity fc', for some k' > k, which 
computes the same query. Then, our results in Section 2 mean, regarding SQL2, 
that the class of total queries which can be computed by the sub-class of SQL2 
expressions restricted to k' different attribute names is roughly characterized by 
the class QCQ^, for some k < k' . And they also mean that the class of all SQL2 
expressions form a strict hierarchy regarding the number of different attribute 
names which are allowed to be referenced in each expression. We think that 
this rough characterization of sub-classes of SQL2 expressions, yet being quite 
approximate, is of interest because it helps in understanding the kind of queries 
which can be computed by this language, and the meaning of the bound in the 
number of different attribute names which are allowed in the expressions. As 
to the results in Section 3, they tell us, to this regard, that fixing a given layer 
in that hierarchy in SQL2, the sub-class of SQL2 expressions corresponding to 
that layer can increase its computation power when the input db happens to 
satisfy any of the four properties which we defined in this paper, to an extent 
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which depends on the particular property which is satisfied by the db, according 
Theorem 3.1 and Lemmas 3.1, 3.2 and 3.3. 

Some of the results presented here appeared in a short paper in [16]. 

2 A Characterization of Sub-classes of RRM 

In the present article we will deal only with relational db’s, or finite structures 
whose signature is finite and relational. Let ct be a signature (or db schema), 
and let / be a cr-structure (or a db of schema cr) . We will denote the domain of / 
as dom{I). For any k > 0, we will denote a fc-tuple of I as Ofc. This is not to be 
confused with the fc-th component of dk, which we will usually denote as a^. If 
cr is a finite relational signature, we will denote the set of all finite cr-structures, 
or db’s of schema a, as Sajin- 

Recall that, given a cr-structure /, an FO^ type for an Ltuple di of /, with 
I < k, is the set of cr- formulae in with I free variables, such that every 

formula in the set is TRUE when interpreted by / for any valuation which 
assigns the z-th component of di to the z-th free variable in the formula, for 
every 1 < z < L We will say that a structure I realizes a type (j) for /c-tuples, 
if there exists a /c-tuple in dom{I) whose type is <j>. Let Ii and C be two db’s 
of schema cr for some schema cr, and let fc > 1. We will say that Ii and I 2 are 
FO^ equivalent if they satisfy the same set of FO^ sentences. We will denote 
this (equivalence) relation as = po*‘ ■ 

Definition 2 . 1 . Let I\ and I 2 he two db’s of schema a for some schema a, and 
let k > I > 1. We will say that I\ and I 2 agree on FO^ types for Ltuples, 
if they both realize the same set of FO^ types for l-tuples. We will denote this 
(equivalence) relation as =r ^. , . In case that it is I = k, we will denote the relation 

(XS =Tf~ ■ 

Note that, for every fc > 1, and for every pair Ji, I 2 of db’s of the same 
schema, the following holds: 

Ii =FO^ I 2 h =Tk h h =Tk,i h for every fc > ^ > 1. 

Further, from the study in [9] it follows that for every k > I > 1, and for 
every pair I2 of db’s of the same schema, if I\ =Tk,i I2, then Ii =^1 h- 

In [9] it is shown that, for every A: > 1, every type for /c-tuples can be 
isolated through an FO^ formula with k free variables. That is, a single formula 
defines the same type for fc-tuples on every database of the same schema. 
We will call such a formula the isolating formula for the corresponding 
type for fc-tuples. Dawar builds these formulae through an inductive definition, 
and at every stage of the induction a formula which characterizes a sub-type 
with a bounded quantifier rank is obtained. Then he shows that for a database 
of size n, steps in the induction suffice to build the isolating formula for the 
corresponding type. 

Let’s denote by =k the (equivalence) relation induced in the set of fc-tuples 
of a given db I, by the equality in the types of the fc-tuples. That is, for 
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every ak and bk in {dom{I))^ , Ofe =k bk iff ak and bk have the same type 
for fc-tuples. 

Remark 2.1. The following two observations, which will be later used, follow 
from [2] and [9]: for every schema cr, for every db / of schema a, for every fc > 1, 
for every 1 < r < A: and for every FO^ formula Lp of signature cr, with r free 
variables, the relation which ip defines on / is a union of equivalence classes in the 
relation =k on I, reduced to r-tuples; and for every fc > 1, for every 1 < r < fc, 
and for every db / of the corresponding schema, equivalence classes in on I 
are unions of equivalence classes in =k on /, reduced to r-tuples. 

Definition 2.2. For every k>l, we define the class QCQ^ as the class ofl-ary 
queries f € total (CQ), of some schema a and for some I < k, such that for every 
pair of db’s I\, I 2 in Sa-jin, if h =Tk I 2 then /(/i) =Tk,i f{l 2 ), with respect to 
the schema a. We also define QCQfi = IJfceij QCQ^ . 

That is, queries in QCQ^ preserve realization of FO^ types. In the consid- 
eration of the observation after Definition 2.1, queries in QCQ^ may also be 
regarded as those which preserve “agreement” of FO^ theories. That is, when- 
ever two db’s satisfy the same sentences of FO^ (or properties expressible in 
FO^), the resulting relations of the evaluation of the query on both db’s will 
also satisfy the same sentences of FO^ (considering the schema of the db’s as 
their signature). 

Note that queries in the class CQ (computable queries) preserve realization 
of FO types. This is because, as db’s in this context are finite structures, then 
their FO types are also isomorphism types. This is due to the well known fact 
that finite structures can be described in FO up to isomorphism (their FO 
theories are categorical, see [8]. Preservation of isomorphisms is a crucial property 
of queries in CQ and, clearly, a query preserves isomorphisms iff it preserves 
realization of isomorphism (i.e., FO) types. So that queries in CQ range, to this 
regard, from those which need to be aware of every property of the db up to 
isomorphism (i.e., FO property), to those for which it is enough just with caring 
about FO^ properties of the db, for some fixed k. And the different sub-classes 
QCQ^, correspond to different degrees of “precision”, say, with which the queries 
in the given sub-class need to consider the db for them to be evaluated. 

Remark 2.2. Let / € total{CQ), of schema a. Note that, for every A: > 1 and for 
every A S w, if / preserves realization of FO^ types for A:-tuples on every pair 
of db’s in S^jin then / also preserves realization of FO^^^ types for {k + i)- 
tuples on every pair of db’s in Sa-jm- This follows from the very definition of 
preservation of realization of types by a function, and it can be also derived as 
a Corollary to Lemma 2.1. 

Next, we will give a semantic characterization of the class of total RRM^ 
machines. 

Theorem 2.1. For every k>\, the class of total queries which are computable 
by RRM^ machines is exactly the class QCQ^ . 
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Proof, a) (C): Using the Remark after Definition 2.1. b) (U): For every query 
/ G QCQ^ of schema a we can build a RRM^ machine AJ/, which computes 
/. With the input db I in its rs, AJ / builds in its TM tape an encoding of a db 
I' which will agree with / on the FO^ types for ^-tuples. For this purpose, Ad/ 
builds every possible db I' of schema cr for every possible size n, with domain 
{1, . . . , n}. For every /c-tuple in Ad / builds the isolating formula for its 
type as in [9], following its inductive construction up to the step By using 
these formulae as dynamic queries, Ad/ checks whether / =t^ I'. At that point 
Ad/ computes f{I'), and finally it builds /(/) in the rs considering the 
types realized in F which are realized also in /(F)- 

Corollary 2.1. QCQ^ =total{RRM^^^l)=total{RM) and QCQ^ C total{CQ). 

Remark 2.3. Regarding the class RM , two different syntactic characterization- 
s are known. In [2], it was noted that the class of queries computable by this 
machines is exactly the same class known as WHILE"'". This is the RQL pro- 
gramming language of [7] with the addition of the set of natural numbers as a 
secondary domain with arithmetic restricted to it. In [5], regarding only boolean 
queries, it was proved that, for every integer k greater than the maximum arity 
in the corresponding schema, the queries which are computable by RM of arity 
k are exactly those which can be expressed by a r.e. fragment of the infinitary 
logic Further, if RM are restricted to compute total boolean queries, then 

the class of queries which are computable by RM of arity k is the class of queries 
expressible in a recursive fragment of This logic extends FO by allowing 

conjunctions and disjunctions over infinite sets of formulae, while restricting the 
number of variables in every formula to be at most k. The union of the logics 
foi' every k > 0 is the logic where every formula is restricted to use 

a finite number of variables. And the corresponding r.e and recursive fragments 
give us a characterization for the whole classes of RM and total(RM), respec- 
tively, and considering only boolean queries. As to the author’s knowledge it is 
not known at present a semantic characterization for the sub-class of RM of 
each particular arity. 

Now we will show that the classes QCQ!^ form a strict hierarchy inside 
total{CQ). In [1] it is shown that RRM with sub- linear variable complexity 
form a strict hierarchy, according to the function which bounds the number of 
variables in dynamic queries depending on the size of the input database. Their 
result is related, to some extent, to our next result, by Theorem 2.1. 

Lemma 2.1. For every fc > 0, D QCQ^ . 

Proof, a) (D): Trivial, using Theorem 2.1. b) (y^): Define the query / in the 
schema of the graphs as “nodes in {k + l)-suhcliques” . Then, / S QCQ!^'^^ , but 
/ ^ QCQ^. 

The hierarchy defined by the classes QC is not only strict, but it is orthog- 
onal with respect to the usual complexity classes. Note that, for every k > 1, 
any recursive predicate evaluated on the number of equivalence classes in =fe 
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is in QC . Intuitively, what this hierarchy classifies is how carefully needs the 
structure or db be analyzed for the query to be evaluated. The lower is the pa- 
rameter k, the less information on the db is needed for the query to be evaluated 
on it. 

Remark 2. 4- In [2] it is stated that total(RM) C ^ (see remark after Corol- 
lary 2.1). It is also noted there that, as this logic has the so called 0-1 Law, then 
it follows that total(RM) has also the 0-1 Law. This means that the asymptotic 
probability of every property which can be expressed in the formalism (or which 
belongs to the given class) always exist, and is 0 or 1 (see [12]). Then, from 
Theorem 2.1 and Corollary 2.1, it follows that the boolean queries in the classes 
QCQ^ and QCQ^ , for every fc > 1, also have the 0-1 Law. 

3 Homogeneous Databases 

From the Remark after Definition 2.1, it follows that as we allow for more vari- 
ables to be used in writing the isolating formulae for types of tuples (as in the 
Proof of Theorem 2.1), we get a more precise view of the properties which i- 
dentify a given set of tuples among the whole set in the domain of the db. The 
limit is FO, in which logic we can express the automorphism types for tuples 
of every length in every db. So, we ask the natural question arising from this 
observation: how many variables are needed for a given db and for a given in- 
teger k, to express the properties of /c-tuples in that db up to automorphism?^ 
That is, we look for the minimum integer k such that FO^ types for fc-tuples 
are automorphism types for /c-tuples in that particular database. 

Note that a type, or a property which in one db is enough to define an element 
up to automorphism (i.e., an automorphism type), may not be enough to define 
an element in another db of the same schema. Let’s consider the property “the 
out degree of x is 2” in the schema of graphs. In some graphs it may certainly 
identify a set of nodes which cannot be distinguished from each other (for every 
pair of nodes in the set there are automorphisms in the graph which map one 
onto the other), so that the property is an automorphism type for those graphs. 
For instance, think of graphs which are collections of binary trees of depth 1 
and out degree 2. But this is not the case for every graph. In arbitrary binary 
trees there may be certainly many nodes with out degree 2, but which may 
also have some other properties which distinguish one from each other, like the 
depth of the node in the tree, or the length of the longest chain which begins 
in it, etc. So, in these other graphs our property is not an automorphism type 
(strictly speaking, our property about the out degree is not even a type in these 
graphs, since there are other properties which the nodes with out degree 2 also 
satisfy in the graphs, and types are consistent and maximal sets of properties, 
see definition at the beginning of Section 2) . 

On the other hand, it may be the case that for a given class of db’s the 
automorphism types are also isomorphism types. See Definition 3.3, and the 

This was suggested to me by Lauri Hella. 



3 




298 



Jose Maria Turull Torres 



example which follows it. In this Section we define different notions regarding 
what we define as homogeneity for its close relation with the classical concept in 
Model Theory (see [8] among others). For every A: > 1, and for any two fc-tuples 
Ofe and bk of a given db /, we will denote as =~ the (equivalence) relation defined 
by the existence of an automorphism mapping one tuple onto the other. That is, 
Ok =~ bk iff there exists an automorphism f on I such that, for every 1 < i < A: 
is /(fli) = bi- Note that, according to what we said above about FO types, we 
can also define this relation using types. That is, Ok =~ bk iff, for every formula 
ip G FO with k free variables Ok is in the relation defined by in / iff bk is also 
in that relation. 

Definition 3.1. Let k > 1. A db I is A;-homogeneous if for every pair of k- 
tuples dk and bk in {dom{I))^ , if dk =k bk, then dk =~ bk- Let k>l, and let a 
be a schema. A class C of db ’s of schema a is A:-homogeneous if every db L G C 
is k -homogeneous. 

From the definition of the relation and from Definition 3.1, it follows 
that, for every A; > 1, if a db / is A:-homogeneous, then for every 1 < I < k and 
for every pair of Ftuples di and bi in {dom{L)Y , if di =k h, then di =~ 5/. Note 
that if a db / is A;-homogeneous, for some k, it is not necessarily r-homogeneous 
for every r > k. So, we next define a stronger notion regarding homogeneity. 

Definition 3.2. Let k > 1. A db L is strongly A;-homogeneous if for every r > k 
it is r-homogeneous. Let a be a schema. A class C of db’s of schema a is strongly 
A:-homogeneous if every db L € C is strongly k -homogeneous. 

Remark 3.1. Note that every db is strongly A;-homogeneous for some A: > 1. 
However, it is clear that this is not the case with classes of db’s. And it is quite 
easy to build classes which are not even A:-homogeneous for any k. Let’s consider 
a class of graphs where each one is the disjoint union of two trees as follows. 
Every tree is built over a linear sub-graph, by adding > 1 sons to the maximal 
node of the linear sub-graph. And in every graph in the class the length of the 
linear sub-graphs in both trees is the same, and the out degree is different in 
both of them. The lengths and the out degrees can grow arbitrarily in the class. 
Now let’s take one graph with, say, out degrees k and {k -\- 1), respectively, in 
the trees which form it. This graph certainly cannot be A;-homogeneous, because 
we can easily choose two A:-tuples, one from each tree, which have the same 
type and for which there is no automorphism mapping one to each other. This is 
because in FO^ we cannot distinguish between out degrees k and (A: -I- 1). Then, 
as the out degrees are not bounded in the class, it is clear that the class cannot 
be A;-homogeneous for no k. 

It seems that it is not easy to find examples of classes of db’s which are 
A:-homogeneous, for some k, but which are not strongly A:-homogeneous. How- 
ever, we believe that such classes do exist. That is, we believe that strong k- 
homogeneity is actually a stronger notion than A;-homogeneity. 

In [2] it was noted that the discerning power of a RM of arity k is restricted 
to FO^ types for A:-tuples (and the same is also true regarding RRM^ machines. 
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see [1]). So, the following result seems quite natural, and is somehow implicit in 
Abiteboul and Vianu’s work. 

If / is a query of schema a, and C is a class of db’s of schema <t, we will 
denote as /|c the restriction of / to the class C. 

Theorem 3.1. For every k > 1, there is a set of queries F of some schema 
a such that if C and C are any two classes of db ’s of schema a, such that C 
is k-homogeneous and C is not k -homogeneous, then, for every f € F, f\c is 
computable by a RRM^ machine, but it is not the case that for every f G F, 
f\c is computable by a RRM^ machine. 

Proof. For every given k, and for every db I, let’s define the k-ary query qi, for 
t > 1, as the i-th equivalence class in the relation for fc-tuples in I, considering 
any pre-defined and computable order. These queries are certainly computable 
by RRM^ machines on fc-homogeneous classes of db’s. But, by the Remark after 
Definition 2.1, not all of them will be computable by RRM^ machines on classes 
of db’s which are not /c-homogeneous. 

Remark 3.2. Note that the subclass of queries which can be computed by RRM^ 
machines on fc-homogeneous classes of db’s, but which cannot be computed by 
such machines on arbitrary classes of db’s, is quite big. Let’s consider by case 
that a RRM^ machine can count the number of equivalence classes in = 2 ; for 
fc-tuples on a fc-homogeneous db as an intermediate result in its TM tape. This 
can be done by following the same process as we did in the Proof of Theorem 2.1, 
and then by counting the isolating formulae for FO^ types on whose realization 
both databases (/ and I') agree. And it should be clear by now that, for any 
schema a, this number cannot be computed by any RRM^ machine on the 
whole class Sa-jm- Then we can use this parameter, which we will call type index 
for k-tuples following [2], as the argument for any partial recursive predicate 
in a RRM^ machine. So that the whole class of partial recursive predicates, 
evaluated on the type index for fc-tuples of the input database is included in 
the subclass of queries which can be computed with RRM^ machines, due to 
fc-homogeneity. However, fc-homogeneity is not enough to achieve completeness 
with RRM^ machines, as queries like parity of the size of the input db, parity on 
the sizes of the equivalence classes in =^, and isomorphism, are not computable 
with these machines, even on fc-homogeneous classes of db’s. Let’s consider as an 
example a class C of graphs which are the disjoint union of some set of cliques of 
size fc. This class is clearly fc-homogeneous. Now, let’s consider the equivalence 
class in =fc of the fc-tuples of nodes which belong to the same clique. It is clearly 
also a class in =^, and for different graphs it can have certainly a different size. 
But a RRM^ machine cannot count the tuples in this equivalence class. 

Next, we will show that the property of strong fc-homogeneity will allow 
the RRM^^^'> machines to get still more power as to computability of queries. 
But this time we will use machines with variable complexity r, for every r > 
fc, considering that according to Definition 3.2 the strong fc-homogeneity of a 
class implies its r-homogeneity, for every r > k. And this is not the case for 
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^-homogeneous classes which are not strongly fc-homogeneous. Let’s denote by 
{Fr}r>k a countably infinite class of sets of queries Fr, for every r > k. 

Lemma 3.1. For every k > 1, there is a class of sets of queries T = {Fr}r>k 
of some schema a, such that, if C and C are any two classes of db’s of schema 
a, such that C is strongly k-homogeneous and C is not strongly k -homogeneous, 
then for every Fr G F and for every f € Fr, f\c is computable by an RRM’~ 
machine, but it is not the case that for every Fr € F and for every f G Fr, f\c 
is computable by an RRM^ machine. 

Now we will define a stronger concept regarding homogeneity, but this time 
involving classes of db’s, instead of a single one. We will show that with this 
stronger notion we can achieve completeness with RRM^ machines. Note that 
in this case we are considering the whole class RRM^, including machines which 
compute partial queries. 

Definition 3.3. Let a be a schema, and let C be a class of db’s of schema a. 
Let k > 1. We say that C is pairwise fc-homogeneous, if for every pair of db’s L\, 
I 2 in C, and for every pair of k -tuples dk G (dom(Li))^ and bk G (dom(/ 2 ))^, if 
dk =k bk then there exists an isomorphism f : dom{Li) — > dom{L 2 ), such that 
/(tti) = bi, for every 1 <i <k. 

That is, in pairwise fc-homogeneous classes FO^ types for fc-tuples are iso- 
morphism types for fc-tuples. 

As an example of such classes, let’s define the class for every r > 1, 
as a class of trees of arbitrary depth, of out degree bounded by r, and where 
all the nodes at the same depth have the same out degree. So, we can write a 
formula with one free variable which defines a type for 1-tuples, expressing the 
distance from the node to the root, the distance from the node to a leaf, and 
the out degree of every ancestor, as well as the out degree of every descendant, 
in any of the paths from the node to a leaf (it doesn’t matter which path we 
choose, because in all of them all the nodes at the same depth will have the same 
degree). This formula can be written with (r -|- 1) variables (though it should 
be noted that for trees which are not in the class % we need (r -|- 2) variables). 
And it is clear that we can write the FO’’~^^ types for (r -|- l)-tuples by using a 
formula of this kind for every component of the tuple, and then by defining, with 
2 variables, the directed or undirected path between every pair of components. 
Finally, the conjunction of all those formulae isolates the desired type 

for (r -I- l)-tuples. Then it is clear that if two (r -h l)-tuples of two different trees 
in the class have the same FO’’~^^ type, the trees must be isomorphic, and one 
tuple can certainly be mapped onto the other. So that the class F, for every 
r > 1, is pairwise (r -I- l)-homogeneous. 

Lemma 3.2. For every fc > 1, and for every query f of any schema a in CQ, if 
C is a class of db’s of schema a which is recursive and closed under isomorphisms 
and which is also pairwise k-homogeneous, then there is a RRM^ machine which 
computes f\c- 
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Finally, let’s consider RRM with variable complexity /(n). As we observed 
before in this article, there are many classes of db’s for which there is no fc G w 
such that the class is fc-homogeneous. However it is quite easy to build classes of 
db’s where the number of variables which are needed for automorphism types for 
tuples is bounded by a sub-linear function. This is because as it is well known in 
F'O" we can characterize a database of size n up to isomorphism, and we cannot 
count the number of elements with less than n variables. As an example of such 
classes of databases, think of graphs which are formed by a certain number of 
isolated nodes and the disjoint union of two trees of depth 1, where the out degree 
of the trees differs by 1. We can make the number of isolated nodes arbitrary 
big in relation with the degrees. And it is clear that if we can use a number 
of variables big enough to separate the trees we can define the automorphism 
types, and then we can adjust the number of isolated nodes so that the number 
of variables is bounded by any given recursive and sub-linear function. 

We will denote as =f(^„),k the equivalence of types for ^-tuples (that 

is, types in FO, where the number of variables is given by a function on the size 
of the db) . 

Definition 3.4. Let f : oj — > uj he a sub-linear and recursive function, and let 
k>l. A db I is (/(n), fc)-homogeneous if k < /(|<iom(/)|) and if for every pair 
of k -tuples dk and bk in {dom{I))^ , if dk =f{n),k bk, then dk =~ hk- A class 
C of db’s of schema a is (/(n), fc)-homogeneous if every db I G C is {f{n),k)- 
homogeneous. 

Lemma 3.3. Let k > 1. Then, for every sub-linear and recursive function f, 
there is a set of queries Q of some schema a, such that if C and C are any two 
classes of db’s of schema a, such that C is {f{n),k) -homogeneous and C is not 
(f{n),k) -homogeneous, then for every q G Q, q\c is computable by a 
machine, but it is not the case that for every q G Q, q\c> is computable by a 
machine. 

With the classes QCQ*’ we characterized the total queries which preserve 
realization of FO^ types for /c-tuples. But, as we noted in the Remark after 
Definition 3.2, it is not the case that every countably infinite class of databases 
is /c-homogeneous for some k. So, the queries which preserve realization of FO 
types for tuples, but which don’t preserve realization of FO^ types for fc-tuples, 
for any k, will not belong to any QCQ!^ class, for no k. This is because if we fix 
some fc > 1, the number of variables which are needed for the automorphism 
types for fc-tuples in different databases can be different. And the number of 
different bounds for the number of variables is actually infinite. 

So that for this purpose we need to define a new class of queries in a different 
way than the one we used before. The intuitive idea behind this new class, is that 
queries which belong to it preserve, for any two db’s of the corresponding schema, 
the realization of types in fO bounded to a number of variables which is enough 
for both db’s to define tuples up to automorphism. Note that for different pairs 
of db’s these queries will preserve types defined with possibly different number 
of variables. 
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Definition 3.5. For any schema a, let’s denote as arity{a) the maximum arity 
of a relation symbol in the schema. We define the class QCQ as the class of 
queries f € total (CQ), of some schema a and of any arity, for which there 
exists an integer n > max{arity(f),arity{a)}, such that for every pair of db’s 
I\, I 2 in Sajin, if Ii =Th I 2 , then f{I\) =th where h = max{n,min{k : 

I\ and I 2 are strongly k-homogeneous}} . 

Lemma 3.4. totaliCQ) D QCQ D QCQf’ . 

Proof. The first D and the second Q are straightforward. As to the second 
let’s define the query / in the schema of the graphs, as the nodes belonging to 
the smaller clique in the sub-class Q of graphs which are the disjoint union of 
two cliques whose sizes differ at most by 1. And we define / to be empty if the 
two cliques are of the same size or if the graph is not in that sub-class. It is not 
hard to see that / G QC Q, but / ^ QC . 

We should point out a very important difference between queries in QC Q and 
queries in QCQf . A query in the first class has to be aware of every property 
which a tuple may have in the db, up to automorphism. And this fact can imply 
that it will not preserve realization of coarser types, that is, types defined in 
FO with fewer variables. In part b of the Proof of Lemma 2.1 we showed an 
example of a query which preserves realization of FO^~^^ types, but which does 
not preserve realization of types. On the other hand, a query / G QCQ^, 
for some k, must preserve realization of FO^ types for fc-tuples in every pair of 
db’s in the corresponding schema. And, by the Remark after Definition 2.2, if 
this is the case, the query / will also preserve the realization of types defined 
with any bigger number of variables, say (fc -|- i) for some i G ui, also for every 
pair of db’s in the schema. Now, note that / is sufficiently precise as to consider 
FO^+^ types, but, at the same time, it must also be sufficiently simple so it 
doesn’t separate equivalence classes in =k in equivalence classes in =k+i which 
form them (by the Remark after Definition 2.1), arbitrarily, because / must 
preserve realization of FO^^’’ types. 

Note that the queries based on the type index for /c-tuples which we men- 
tioned in the Remark after Theorem 3.1 are in {QCQ — QCQf’). So that the 
increment in the computability power of the machines when working 

on classes of db’s which are homogeneous, is big enough to allow for a RRM^ 
machine to go through the whole hierarchy QC , and, further, to get out of it 
into QCQ. So, the next results follow immediately. 

Corollary 3.1. There are queries f of some schema a in {QCQ— QCQ^) whose 
restriction to any class of db ’s of schema a which is k-homogeneous, for some 
k > 1, is computable by a RRM^ machine. On the other hand, if g is a query 
of some schema p whose restriction to any class of db ’s of schema p which is 
k-homogeneous, for some k > 1, is computable by a RRM^ machine, then, 
g G QCQ. 
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